Windows 10 and Windows Server 2016 Policy Settings

Download as xlsx, pdf, or txt
Download as xlsx, pdf, or txt
You are on page 1of 1868

Group Policy Settings Reference

Windows 10

This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and
Windows 10, version 1703. The policy settings included in this spreadsheet also cover Windows Server 2016, Windows 10, Windows Server 2
Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Wi
These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (G

You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combinati
in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on w
and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Wind
Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2

Legal Notice
This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change witho
Some examples depicted herein are provided for illustration only and are fictitious.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your in

Ó 2015 Microsoft Corporation. All rights reserved.

Active Directory, Hyper-V, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server,
and Windows Vista are trademarks of the Microsoft group of companies.

All other trademarks are property of their respective owners.


ministrative template files (.admx and .adml) delivered with
016, Windows 10, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or e
lier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.
MC) to edit Group Policy Objects (GPOs).

, based on one value or a combination of values that are available


n headings to add additional filtering criteria within that column.
e value or combination of values on which you want to filter,
le for Windows Server 2012 or Windows 8, in the
least Microsoft Windows Server 2012 or Windows 8.

t Web site references, may change without notice.

y copy and use this document for your internal, reference purposes.
Windows Server 2003 with SP2 or earlier service packs,
New in Windows 10 File name
activexinstallservice.admx
activexinstallservice.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
addremoveprograms.admx
RTM allowbuildpreview.admx
appcompat.admx
appcompat.admx
appcompat.admx
appcompat.admx
appcompat.admx
appcompat.admx
appcompat.admx
appcompat.admx
appcompat.admx
1703 apphvsi.admx
1703 apphvsi.admx
1703 apphvsi.admx
1703 apphvsi.admx
1709 apphvsi.admx
1709 apphvsi.admx
1607 appprivacy.admx
TP4 appprivacy.admx
TP4 appprivacy.admx
TP4 appprivacy.admx
TP4 appprivacy.admx
TP4 appprivacy.admx
TP4 appprivacy.admx
TP4 appprivacy.admx
TP4 appprivacy.admx
TP4 appprivacy.admx
1607 appprivacy.admx
1703 appprivacy.admx
TP4 appprivacy.admx
1709 appprivacy.admx
1703 appprivacy.admx
TP4 appprivacy.admx
1703 appprivacy.admx
1703 appprivacy.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1607 appv.admx
1703 appv.admx
1703 appv.admx
appxpackagemanager.admx
appxpackagemanager.admx
appxpackagemanager.admx
RTM appxpackagemanager.admx
RTM appxpackagemanager.admx
RTM appxpackagemanager.admx
appxruntime.admx
appxruntime.admx
appxruntime.admx
appxruntime.admx
appxruntime.admx
appxruntime.admx
RTM appxruntime.admx
attachmentmanager.admx
attachmentmanager.admx
attachmentmanager.admx
attachmentmanager.admx
attachmentmanager.admx
attachmentmanager.admx
attachmentmanager.admx
attachmentmanager.admx
auditsettings.admx
autoplay.admx
autoplay.admx
autoplay.admx
autoplay.admx
autoplay.admx
autoplay.admx
autoplay.admx
autoplay.admx
RTM avsvalidationgp.admx
1607 avsvalidationgp.admx
biometrics.admx
biometrics.admx
biometrics.admx
biometrics.admx
1703 biometrics.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
bits.admx
1607 camera.admx
ceipenable.admx
ceipenable.admx
RTM ciphersuiteorder.admx
ciphersuiteorder.admx
1607 cloudcontent.admx
1607 cloudcontent.admx
1703 cloudcontent.admx
TP4 cloudcontent.admx
TP4 cloudcontent.admx
1703 cloudcontent.admx
1703 cloudcontent.admx
1703 cloudcontent.admx
com.admx
com.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
controlpanel.admx
controlpanel.admx
controlpanel.admx
controlpanel.admx
1703 controlpanel.admx
1709 controlpanel.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
controlpaneldisplay.admx
TP4 controlpaneldisplay.admx
cpls.admx
credentialproviders.admx
credentialproviders.admx
credentialproviders.admx
credentialproviders.admx
credentialproviders.admx
RTM credentialproviders.admx
credssp.admx
credssp.admx
credssp.admx
credssp.admx
credssp.admx
credssp.admx
credssp.admx
credssp.admx
credssp.admx
credssp.admx
1703 credssp.admx
credui.admx
credui.admx
credui.admx
credui.admx
ctrlaltdel.admx
ctrlaltdel.admx
ctrlaltdel.admx
ctrlaltdel.admx
RTM datacollection.admx
TP5 datacollection.admx
datacollection.admx
TP5 datacollection.admx
1607 datacollection.admx
1703 datacollection.admx
1709 datacollection.admx
dcom.admx
dcom.admx
deliveryoptimization.admx
deliveryoptimization.admx
deliveryoptimization.admx
deliveryoptimization.admx
1607 deliveryoptimization.admx
RTM deliveryoptimization.admx
1607 deliveryoptimization.admx
1607 deliveryoptimization.admx
1607 deliveryoptimization.admx
1607 deliveryoptimization.admx
1607 deliveryoptimization.admx
1703 deliveryoptimization.admx
1703 deliveryoptimization.admx
1703 deliveryoptimization.admx
1703 deliveryoptimization.admx
1703 deliveryoptimization.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
desktop.admx
devicecompat.admx
devicecompat.admx
1607 devicecredential.admx
deviceguard.admx
deviceguard.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
deviceinstallation.admx
devicesetup.admx
devicesetup.admx
devicesetup.admx
devicesetup.admx
devicesetup.admx
devicesetup.admx
devicesetup.admx
devicesetup.admx
devicesetup.admx
dfs.admx
digitallocker.admx
digitallocker.admx
diskdiagnostic.admx
diskdiagnostic.admx
disknvcache.admx
disknvcache.admx
disknvcache.admx
disknvcache.admx
diskquota.admx
diskquota.admx
diskquota.admx
diskquota.admx
diskquota.admx
diskquota.admx
1703 display.admx
1703 display.admx
distributedlinktracking.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dnsclient.admx
dwm.admx
dwm.admx
dwm.admx
dwm.admx
dwm.admx
dwm.admx
dwm.admx
dwm.admx
dwm.admx
eaime.admx
eaime.admx
eaime.admx
eaime.admx
eaime.admx
eaime.admx
eaime.admx
eaime.admx
RTM eaime.admx
1607 eaime.admx
1703 eaime.admx
earlylauncham.admx
edgeui.admx
edgeui.admx
edgeui.admx
edgeui.admx
edgeui.admx
edgeui.admx
edgeui.admx
1607 edgeui.admx
1607 edgeui.admx
encryptfilesonmove.admx
enhancedstorage.admx
enhancedstorage.admx
enhancedstorage.admx
enhancedstorage.admx
enhancedstorage.admx
enhancedstorage.admx
enhancedstorage.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
TP4 errorreporting.admx
TP4 errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
errorreporting.admx
TP4 errorreporting.admx
TP4 errorreporting.admx
eventforwarding.admx
eventforwarding.admx
eventlog.admx
eventlog.admx
RTM eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
RTM eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
RTM eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
RTM eventlog.admx
eventlog.admx
eventlog.admx
eventlog.admx
eventlogging.admx
eventviewer.admx
eventviewer.admx
eventviewer.admx
1709 exploitguard.admx
explorer.admx
explorer.admx
explorer.admx
explorer.admx
explorer.admx
explorer.admx
RTM explorer.admx
externalboot.admx
externalboot.admx
externalboot.admx
TP4 feedbacknotifications.admx
1709 fidoauth.admx
filehistory.admx
filerecovery.admx
filerevocation.admx
fileservervssprovider.admx
filesys.admx
1607 filesys.admx
filesys.admx
filesys.admx
filesys.admx
filesys.admx
filesys.admx
filesys.admx
1703 findmy.admx
folderredirection.admx
folderredirection.admx
folderredirection.admx
folderredirection.admx
folderredirection.admx
folderredirection.admx
folderredirection.admx
framepanes.admx
framepanes.admx
fthsvc.admx
1703 gamedvr.admx
gameexplorer.admx
gameexplorer.admx
gameexplorer.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
globalization.admx
RTM globalization.admx
globalization.admx
globalization.admx
globalization.admx
grouppolicy-server.admx
RTM grouppolicy.admx
1607 grouppolicy.admx
1607 grouppolicy.admx
1607 grouppolicy.admx
1607 grouppolicy.admx
1703 grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
grouppolicypreferences.admx
1709 handwriting.admx
help.admx
help.admx
help.admx
help.admx
helpandsupport.admx
helpandsupport.admx
helpandsupport.admx
helpandsupport.admx
hotspotauth.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
icm.admx
iis.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1607 inetres.admx
1607 inetres.admx
RTM inetres.admx
RTM inetres.admx
TP5 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1709 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
TP5 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
RTM inetres.admx
RTM inetres.admx
TP5 inetres.admx
RTM inetres.admx
RTM inetres.admx
RTM inetres.admx
RTM inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
TP5 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
TP5 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
RTM inetres.admx
RTM inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
RTM inetres.admx
RTM inetres.admx
RTM inetres.admx
RTM inetres.admx
1607 inetres.admx
1607 inetres.admx
1703 inetres.admx
1703 inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inkwatson.admx
inkwatson.admx
iscsi.admx
iscsi.admx
iscsi.admx
iscsi.admx
iscsi.admx
iscsi.admx
iscsi.admx
iscsi.admx
iscsi.admx
iscsi.admx
kdc.admx
kdc.admx
kdc.admx
kdc.admx
kdc.admx
1607 kdc.admx
kerberos.admx
kerberos.admx
kerberos.admx
RTM kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
lanmanserver.admx
RTM lanmanserver.admx
lanmanserver.admx
RTM lanmanserver.admx
RTM lanmanworkstation.admx
lanmanworkstation.admx
1607 lanmanworkstation.admx
1607 lanmanworkstation.admx
TP5 leakdiagnostic.admx
linklayertopologydiscovery.admx
linklayertopologydiscovery.admx
locationprovideradm.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
TP4 logon.admx
RTM logon.admx
logon.admx
logon.admx
logon.admx
logon.admx
1607 logon.admx
RTM logon.admx
1607 mdm.admx
1709 mdm.admx
1709 messaging.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
1709 microsoftedge.admx
1709 microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1709 microsoftedge.admx
1709 microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1709 microsoftedge.admx
1709 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
microsoftedge.admx
1607 microsoftedge.admx
1607 microsoftedge.admx
1607 microsoftedge.admx
1607 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
1703 microsoftedge.admx
mmc.admx
mmc.admx
mmc.admx
mmc.admx
mmc.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mmcsnapins2.admx
mobilepcmobilitycenter.admx
mobilepcmobilitycenter.admx
mobilepcpresentationsettings.admx
mobilepcpresentationsettings.admx
1703 msapolicy.admx
msched.admx
msched.admx
msched.admx
msdt.admx
msdt.admx
msdt.admx
msi-filerecovery.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
nca.admx
nca.admx
nca.admx
nca.admx
nca.admx
nca.admx
nca.admx
nca.admx
ncsi.admx
ncsi.admx
ncsi.admx
ncsi.admx
ncsi.admx
ncsi.admx
1709 ncsi.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
RTM netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
netlogon.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkconnections.admx
networkisolation.admx
networkisolation.admx
networkisolation.admx
networkisolation.admx
networkisolation.admx
1703 networkisolation.admx
1703 networkisolation.admx
networkprovider.admx
TP4 offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
TP4 offlinefiles.admx
TP4 offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
RTM offlinefiles.admx
TP4 offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
TP4 offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
offlinefiles.admx
RTM offlinefiles.admx
RTM offlinefiles.admx
offlinefiles.admx
1709 ospolicy.admx
1709 ospolicy.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
p2p-pnrp.admx
1703 passport.admx
1703 passport.admx
passport.admx
passport.admx
passport.admx
1703 passport.admx
passport.admx
TP5 passport.admx
passport.admx
TP5 passport.admx
TP5 passport.admx
passport.admx
passport.admx
passport.admx
1703 passport.admx
1703 passport.admx
1709 passport.admx
1709 passport.admx
1709 passport.admx
1709 passport.admx
pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
peertopeercaching.admx
peertopeercaching.admx
peertopeercaching.admx
peertopeercaching.admx
peertopeercaching.admx
peertopeercaching.admx
peertopeercaching.admx
peertopeercaching.admx
peertopeercaching.admx
pentraining.admx
pentraining.admx
performancediagnostics.admx
performancediagnostics.admx
performancediagnostics.admx
performancediagnostics.admx
performanceperftrack.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
RTM power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
power.admx
1709 power.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
powershellexecutionpolicy.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
previousversions.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
printing.admx
1607 printing.admx
printing2.admx
printing2.admx
printing2.admx
printing2.admx
printing2.admx
printing2.admx
printing2.admx
printing2.admx
printing2.admx
printing2.admx
programs.admx
programs.admx
programs.admx
programs.admx
programs.admx
programs.admx
programs.admx
1709 pushtoinstall.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
qos.admx
racwmiprov.admx
radar.admx
reagent.admx
reliability.admx
reliability.admx
reliability.admx
reliability.admx
remoteassistance.admx
remoteassistance.admx
remoteassistance.admx
remoteassistance.admx
remoteassistance.admx
remoteassistance.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
RTM removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
RTM removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
removablestorage.admx
rpc.admx
rpc.admx
rpc.admx
rpc.admx
rpc.admx
rpc.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
sdiageng.admx
sdiageng.admx
sdiageng.admx
sdiagschd.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
RTM search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
search.admx
1607 search.admx
search.admx
1709 search.admx
securitycenter.admx
sensors.admx
sensors.admx
sensors.admx
sensors.admx
sensors.admx
sensors.admx
servermanager.admx
servermanager.admx
servermanager.admx
servermanager.admx
servicing.admx
settingsync.admx
settingsync.admx
settingsync.admx
settingsync.admx
settingsync.admx
settingsync.admx
settingsync.admx
settingsync.admx
settingsync.admx
settingsync.admx
setup.admx
setup.admx
shapecollector.admx
shapecollector.admx
sharedfolders.admx
sharedfolders.admx
sharing.admx
sharing.admx
shell-commandprompt-regedittools.admx
shell-commandprompt-regedittools.admx
shell-commandprompt-regedittools.admx
shell-commandprompt-regedittools.admx
shellwelcomecenter.admx
sidebar.admx
sidebar.admx
sidebar.admx
sidebar.admx
sidebar.admx
sidebar.admx
TP4 skydrive.admx
1709 skydrive.admx
skydrive.admx
skydrive.admx
skydrive.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
smartcard.admx
1703 smartscreen.admx
1703 smartscreen.admx
1703 smartscreen.admx
1703 smartscreen.admx
1703 smartscreen.admx
1703 smartscreen.admx
snmp.admx
snmp.admx
snmp.admx
soundrec.admx
soundrec.admx
1703 speech.admx
srm-fci.admx
srm-fci.admx
srm-fci.admx
srm-fci.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
RTM startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
TP5 startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
TP5 startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
startmenu.admx
1709 storagehealth.admx
systemrestore.admx
systemrestore.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
RTM tabletpcinputpanel.admx
tabletpcinputpanel.admx
RTM tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletpcinputpanel.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
tabletshell.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
TP4 taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
taskbar.admx
1703 taskbar.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
taskscheduler.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver-server.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
TP4 terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
TP5 terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
terminalserver.admx
thumbnails.admx
thumbnails.admx
thumbnails.admx
TP4 touchinput.admx
touchinput.admx
touchinput.admx
touchinput.admx
tpm.admx
tpm.admx
tpm.admx
tpm.admx
RTM tpm.admx
tpm.admx
tpm.admx
tpm.admx
1709 tpm.admx
1709 tpm.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
1607 userexperiencevirtualization.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
userprofiles.admx
RTM volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
1703 volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
RTM volumeencryption.admx
RTM volumeencryption.admx
RTM volumeencryption.admx
RTM volumeencryption.admx
RTM volumeencryption.admx
volumeencryption.admx
RTM volumeencryption.admx
RTM volumeencryption.admx
RTM volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
RTM volumeencryption.admx
1703 volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
RTM volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
RTM volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
RTM volumeencryption.admx
volumeencryption.admx
RTM volumeencryption.admx
volumeencryption.admx
volumeencryption.admx
RTM volumeencryption.admx
volumeencryption.admx
RTM w32time.admx
RTM w32time.admx
RTM w32time.admx
w32time.admx
RTM wcm.admx
RTM wcm.admx
wcm.admx
RTM wcm.admx
RTM wdi.admx
RTM wdi.admx
RTM wincal.admx
RTM wincal.admx
RTM windowsanytimeupgrade.admx
RTM windowsanytimeupgrade.admx
windowsbackup.admx
TP4 windowsbackup.admx
TP4 windowsbackup.admx
TP4 windowsbackup.admx
TP4 windowsbackup.admx
TP4 windowscolorsystem.admx
TP4 windowscolorsystem.admx
RTM windowsconnectnow.admx
RTM windowsconnectnow.admx
RTM windowsconnectnow.admx
windowsdefender.admx
windowsdefender.admx
1703 windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
1607 windowsdefender.admx
TP4 windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
TP4 windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
1703 windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
TP4 windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
TP4 windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
1607 windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
windowsdefender.admx
RTM windowsdefender.admx
windowsdefender.admx
1607 windowsdefender.admx
RTM windowsdefender.admx
1703 windowsdefender.admx
1703 windowsdefender.admx
1709 windowsdefender.admx
1709 windowsdefender.admx
1709 windowsdefender.admx
1709 windowsdefender.admx
1709 windowsdefender.admx
1709 windowsdefender.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
1709 windowsdefendersecuritycenter.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
1703 windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
1703 windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsexplorer.admx
windowsfileprotection.admx
windowsfileprotection.admx
windowsfileprotection.admx
windowsfileprotection.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsfirewall.admx
windowsinkworkspace.admx
windowsinkworkspace.admx
windowsmediadrm.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmediaplayer.admx
windowsmessenger.admx
windowsmessenger.admx
windowsmessenger.admx
windowsmessenger.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremotemanagement.admx
windowsremoteshell.admx
windowsremoteshell.admx
windowsremoteshell.admx
windowsremoteshell.admx
windowsremoteshell.admx
windowsremoteshell.admx
windowsremoteshell.admx
windowsstore.admx
windowsstore.admx
windowsstore.admx
windowsstore.admx
windowsstore.admx
windowsstore.admx
windowsstore.admx
windowsstore.admx
windowsstore.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
windowsupdate.admx
1703 windowsupdate.admx
1703 windowsupdate.admx
1703 windowsupdate.admx
1703 windowsupdate.admx
1703 windowsupdate.admx
1703 windowsupdate.admx
1703 windowsupdate.admx
1709 windowsupdate.admx
1709 windowsupdate.admx
wininit.admx
wininit.admx
wininit.admx
winlogon.admx
winlogon.admx
winlogon.admx
winlogon.admx
winlogon.admx
winlogon.admx
winlogon.admx
winlogon.admx
winmaps.admx
winmaps.admx
winsrv.admx
wirelessdisplay.admx
wirelessdisplay.admx
wlansvc.admx
wlansvc.admx
wlansvc.admx
wlansvc.admx
wordwheel.admx
workfolders-client.admx
workfolders-client.admx
1703 workfolders-client.admx
workplacejoin.admx
wpn.admx
wpn.admx
wpn.admx
wpn.admx
wpn.admx
wpn.admx
wpn.admx
wpn.admx
wpn.admx
wwansvc.admx
wwansvc.admx
1709 wwansvc.admx
1709 wwansvc.admx
Policy Setting Name
Approved Installation Sites for ActiveX Controls
Establish ActiveX installation policy for sites in Trusted zones
Specify default category for Add New Programs
Hide the "Add a program from CD-ROM or floppy disk" option
Hide the "Add programs from Microsoft" option
Hide the "Add programs from your network" option
Hide Add New Programs page
Remove Add or Remove Programs
Hide the Set Program Access and Defaults page
Hide Change or Remove Programs page
Go directly to Components Wizard
Remove Support Information
Hide Add/Remove Windows Components page
Toggle user control over Insider builds
Prevent access to 16-bit applications
Remove Program Compatibility Property Page
Turn off Application Telemetry
Turn off SwitchBack Compatibility Engine
Turn off Application Compatibility Engine
Turn off Program Compatibility Assistant
Turn off Program Compatibility Assistant
Turn off Steps Recorder
Turn off Inventory Collector
Turn on Windows Defender Application Guard in Enterprise Mode
Configure Windows Defender Application Guard clipboard settings
Configure Windows Defender Application Guard print settings
Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer
Allow data persistence for Windows Defender Application Guard
Allow auditing events in Windows Defender Application Guard
Let Windows apps access account information
Let Windows apps access the calendar
Let Windows apps access call history
Let Windows apps access the camera
Let Windows apps access contacts
Let Windows apps access email
Let Windows apps access location
Let Windows apps access messaging
Let Windows apps access the microphone
Let Windows apps access motion
Let Windows apps access notifications
Let Windows apps make phone calls
Let Windows apps control radios
Let Windows apps communicate with unpaired devices
Let Windows apps access Tasks
Let Windows apps access trusted devices
Let Windows apps run in the background
Let Windows apps access diagnostic information about other apps
Enable App-V Client
Package Installation Root
Specify what to load in background (aka AutoLoad)
Package Source Root
Reestablishment Retries
Reestablishment Interval
Location Provider
Certificate Filter For Client SSL
Verify certificate revocation list
Shared Content Store (SCS) mode
Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection
Require Publish As Admin
Enable Support for BranchCache
Reporting Server
Publishing Server 1 Settings
Publishing Server 2 Settings
Publishing Server 3 Settings
Publishing Server 4 Settings
Publishing Server 5 Settings
Enable Publishing Refresh UX
Enable Migration Mode
Enable Package Scripts
Roaming File Exclusions
Roaming Registry Exclusions
Integration Root User
Integration Root Global
Microsoft Customer Experience Improvement Program (CEIP)
Virtual Component Process Allow List
Enable Dynamic Virtualization
Enable automatic cleanup of unused appv packages
Enable background sync to server when on battery power
Allow all trusted apps to install
Allow deployment operations in special profiles
Allows development of Windows Store apps and installing them from an integrated development environment (IDE)
Disable installing Windows apps on non-system volumes
Prevent users' app data from being stored on non-system volumes
Allow a Windows app to share application data between users
Block launching desktop apps associated with a file.
Block launching desktop apps associated with a file.
Block launching desktop apps associated with a URI scheme
Block launching desktop apps associated with a URI scheme
Allow Microsoft accounts to be optional
Turn on dynamic Content URI Rules for Windows store apps
Block launching Windows Store apps with Windows Runtime API access from hosted content.
Notify antivirus programs when opening attachments
Trust logic for file attachments
Do not preserve zone information in file attachments
Hide mechanisms to remove zone information
Default risk level for file attachments
Inclusion list for high risk file types
Inclusion list for low file types
Inclusion list for moderate risk file types
Include command line in process creation events
Set the default behavior for AutoRun
Set the default behavior for AutoRun
Prevent AutoPlay from remembering user choices.
Prevent AutoPlay from remembering user choices.
Turn off Autoplay
Turn off Autoplay
Disallow Autoplay for non-volume devices
Disallow Autoplay for non-volume devices
Turn off KMS Client Online AVS Validation
Control Device Reactivation for Retail devices
Allow the use of biometrics
Allow users to log on using biometrics
Allow domain users to log on using biometrics
Specify timeout for fast user switching events
Configure enhanced anti-spoofing
Timeout for inactive BITS jobs
Limit the maximum BITS job download time
Limit the maximum network bandwidth for BITS background transfers
Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers
Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers
Allow BITS Peercaching
Limit the age of files in the BITS Peercache
Limit the BITS Peercache size
Do not allow the computer to act as a BITS Peercaching client
Do not allow the computer to act as a BITS Peercaching server
Limit the maximum network bandwidth used for Peercaching
Set default download behavior for BITS jobs on costed networks
Limit the maximum number of BITS jobs for this computer
Limit the maximum number of BITS jobs for each user
Limit the maximum number of files allowed in a BITS job
Limit the maximum number of ranges that can be added to the file in a BITS job
Do not allow the BITS client to use Windows Branch Cache
Allow Use of Camera
Allow Corporate redirection of Customer Experience Improvement uploads
Tag Windows Customer Experience Improvement data with Study Identifier
SSL Cipher Suite Order
ECC Curve Order
Configure Windows spotlight on lock screen
Turn off all Windows spotlight features
Do not use diagnostic data for tailored experiences
Turn off Microsoft consumer experiences
Do not show Windows tips
Do not suggest third-party content in Windows spotlight
Turn off the Windows Spotlight on Action Center
Turn off the Windows Welcome Experience
Download missing COM components
Download missing COM components
Disable application Sharing
Prevent Control
Prevent Sharing
Prevent Sharing Command Prompts
Prevent Desktop Sharing
Prevent Sharing Explorer windows
Prevent Application Sharing in true color
Disable Audio
Prevent changing DirectSound Audio setting
Disable full duplex Audio
Prevent receiving Video
Prevent sending Video
Limit the bandwidth of Audio and Video
Allow persisting automatic acceptance of Calls
Disable Chat
Disable Whiteboard
Disable NetMeeting 2.x Whiteboard
Disable remote Desktop Sharing
Enable Automatic Configuration
Prevent adding Directory servers
Prevent automatic acceptance of Calls
Prevent changing Call placement method
Disable Directory services
Prevent receiving files
Prevent sending files
Prevent viewing Web directory
Limit the size of sent files
Set the intranet support Web page
Set Call Security options
Disable the Advanced Calling button
Hide the Audio page
Hide the General page
Hide the Security page
Hide the Video page
Hide specified Control Panel items
Always open All Control Panel Items when opening Control Panel
Prohibit access to Control Panel and PC settings
Show only specified Control Panel items
Settings Page Visibility
Allow Online Tips
Disable the Display Control Panel
Hide Settings tab
Prevent changing color and appearance
Prevent changing screen saver
Enable screen saver
Force specific screen saver
Password protect the screen saver
Screen saver timeout
Prevent changing desktop background
Prevent changing sounds
Prevent changing mouse pointers
Prevent changing desktop icons
Prevent changing color scheme
Prevent changing theme
Load a specific theme
Prevent changing visual style for windows and buttons
Force a specific visual style file or force Windows Classic
Prohibit selection of visual style font size
Do not display the lock screen
Prevent changing lock screen and logon image
Prevent enabling lock screen slide show
Prevent enabling lock screen camera
Force a specific background and accent color
Force a specific Start background
Prevent changing start menu background
Force a specific default lock screen and logon image
Apply the default account picture to all users
Assign a default domain for logon
Exclude credential providers
Turn on convenience PIN sign-in
Turn off picture password sign-in
Allow users to select when a password is required when resuming from connected standby
Assign a default credential provider
Allow delegating default credentials
Allow delegating default credentials with NTLM-only server authentication
Allow delegating fresh credentials
Allow delegating fresh credentials with NTLM-only server authentication
Allow delegating saved credentials
Allow delegating saved credentials with NTLM-only server authentication
Deny delegating default credentials
Deny delegating fresh credentials
Deny delegating saved credentials
Restrict delegation of credentials to remote servers
Remote host allows delegation of non-exportable credentials
Enumerate administrator accounts on elevation
Require trusted path for credential entry
Do not display the password reveal button
Do not display the password reveal button
Remove Change Password
Remove Lock Computer
Remove Task Manager
Remove Logoff
Allow Telemetry
Allow Telemetry
Disable pre-release features or settings
Configure Connected User Experiences and Telemetry
Configure the Commercial ID
Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service
Limit Enhanced diagnostic data to the minimum required by Windows Analytics
Allow local activation security check exemptions
Define Activation Security Check exemptions
Download Mode
Group ID
Max Upload Bandwidth (in KB/s)
Max Cache Size (percentage)
Absolute Max Cache Size (in GB)
Max Cache Age (in seconds)
Monthly Upload Data Cap (in GB)
Minimum Background QoS (in KB/s)
Modify Cache Drive
Maximum Download Bandwidth (in KB/s)
Maximum Download Bandwidth (percentage)
Minimum Peer Caching Content File Size (in MB)
Enable Peer Caching while the device connects via VPN
Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB)
Minimum disk size allowed to use Peer Caching (in GB)
Allow uploads while the device is on battery while under set Battery level (percentage)
Enable Active Desktop
Disable Active Desktop
Prohibit changes
Add/Delete items
Prohibit adding items
Prohibit closing items
Prohibit deleting items
Prohibit editing items
Disable all items
Allow only bitmapped wallpaper
Desktop Wallpaper
Enable filter in Find dialog box
Hide Active Directory folder
Maximum size of Active Directory searches
Prohibit User from manually redirecting Profile Folders
Hide and disable all items on the desktop
Remove the Desktop Cleanup Wizard
Hide Internet Explorer icon on desktop
Remove Computer icon on the desktop
Remove My Documents icon on the desktop
Hide Network Locations icon on desktop
Remove Properties from the Computer icon context menu
Remove Properties from the Documents icon context menu
Do not add shares of recently opened documents to Network Locations
Remove Recycle Bin icon from desktop
Remove Properties from the Recycle Bin context menu
Don't save settings at exit
Prevent adding, dragging, dropping and closing the Taskbar's toolbars
Prohibit adjusting desktop toolbars
Turn off Aero Shake window minimizing mouse gesture
Device compatibility settings
Driver compatibility settings
Allow companion device for secondary authentication
Turn On Virtualization Based Security
Deploy Windows Defender Application Control
Prioritize all digitally signed drivers equally during the driver ranking and selection process
Configure device installation time-out
Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point
Allow remote access to the Plug and Play interface
Allow administrators to override Device Installation Restriction policies
Allow installation of devices using drivers that match these device setup classes
Prevent installation of devices using drivers that match these device setup classes
Allow installation of devices that match any of these device IDs
Prevent installation of devices that match any of these device IDs
Prevent installation of removable devices
Prevent installation of devices not described by other policy settings
Time (in seconds) to force reboot when required for policy changes to take effect
Display a custom message title when device installation is prevented by a policy setting
Display a custom message when installation is prevented by a policy setting
Allow non-administrators to install drivers for these device setup classes
Code signing for device drivers
Turn off "Found New Hardware" balloons during device installation
Do not send a Windows error report when a generic driver is installed on a device
Prevent Windows from sending an error report when a device driver requests additional software during installation
Configure driver search locations
Turn off Windows Update device driver search prompt
Turn off Windows Update device driver search prompt
Specify search order for device driver source locations
Specify the search server for device driver updates
Prevent device metadata retrieval from the Internet
Configure how often a DFS client discovers domain controllers
Do not allow Digital Locker to run
Do not allow Digital Locker to run
Disk Diagnostic: Configure custom alert text
Disk Diagnostic: Configure execution level
Turn off boot and resume optimizations
Turn off cache power mode
Turn off non-volatile cache feature
Turn off solid state mode
Enable disk quotas
Enforce disk quota limit
Specify default quota limit and warning level
Log event when quota limit is exceeded
Log event when quota warning level is exceeded
Apply policy to removable media
Turn on GdiDPIScaling for applications
Turn off GdiDPIScaling for applications
Allow Distributed Link Tracking clients to use domain resources
Connection-specific DNS suffix
DNS servers
Primary DNS suffix
Register DNS records with connection-specific DNS suffix
Register PTR records
Dynamic update
Replace addresses in conflicts
Registration refresh interval
TTL value for A and PTR records
DNS suffix search list
Update security level
Update top level domain zones
Primary DNS suffix devolution
Primary DNS suffix devolution level
Turn off multicast name resolution
Allow DNS suffix appending to unqualified multi-label name queries
Turn off smart multi-homed name resolution
Turn off smart protocol reordering
Allow NetBT queries for fully qualified domain names
Prefer link local responses over DNS when received over a network with higher precedence
Turn off IDN encoding
IDN mapping
Do not allow window animations
Do not allow window animations
Do not allow Flip3D invocation
Do not allow Flip3D invocation
Use solid color for Start background
Specify a default color
Specify a default color
Do not allow color changes
Do not allow color changes
Turn on misconversion logging for misconversion report
Turn off saving auto-tuning data to file
Turn off history-based predictive input
Turn off Open Extended Dictionary
Turn off Internet search integration
Turn off custom dictionary
Restrict character code range of conversion
Do not include Non-Publishing Standard Glyph in the candidate list
Turn on cloud candidate
Turn on cloud candidate for CHS
Turn on lexicon update
Boot-Start Driver Initialization Policy
Turn off switching between recent apps
Turn off tracking of app usage
Do not show recent apps when the mouse is pointing to the upper-left corner of the screen
Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen
Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the l
Disable help tips
Disable help tips
Allow edge swipe
Allow edge swipe
Do not automatically encrypt files moved to encrypted folders
Allow only USB root hub connected Enhanced Storage devices
Lock Enhanced Storage when the computer is locked
Do not allow non-Enhanced Storage removable devices
Do not allow password authentication of Enhanced Storage devices
Do not allow Windows to activate Enhanced Storage devices
Configure list of IEEE 1667 silos usable on your computer
Configure list of Enhanced Storage devices usable on your computer
Configure Error Reporting
Display Error Notification
Disable Windows Error Reporting
Disable Windows Error Reporting
Prevent display of the user interface for critical errors
Disable logging
Disable logging
Do not send additional data
Do not send additional data
Do not throttle additional data
Do not throttle additional data
Automatically send memory dumps for OS-generated error reports
Automatically send memory dumps for OS-generated error reports
Send additional data when on battery power
Send additional data when on battery power
Send data when on connected to a restricted/costed network
Send data when on connected to a restricted/costed network
Default application reporting settings
List of applications to never report errors for
List of applications to always report errors for
Report operating system errors
Configure Report Archive
Configure Report Archive
Configure Corporate Windows Error Reporting
List of applications to be excluded
List of applications to be excluded
Configure Report Queue
Configure Report Queue
Customize consent settings
Customize consent settings
Ignore custom consent settings
Ignore custom consent settings
Configure Default consent
Configure Default consent
Configure target Subscription Manager
Configure forwarder resource usage
Back up log automatically when full
Configure log access
Configure log access (legacy)
Control Event Log behavior when the log file reaches its maximum size
Control the location of the log file
Specify the maximum log file size (KB)
Back up log automatically when full
Configure log access
Configure log access (legacy)
Control Event Log behavior when the log file reaches its maximum size
Control the location of the log file
Specify the maximum log file size (KB)
Back up log automatically when full
Configure log access
Configure log access (legacy)
Control Event Log behavior when the log file reaches its maximum size
Turn on logging
Control the location of the log file
Specify the maximum log file size (KB)
Back up log automatically when full
Configure log access
Configure log access (legacy)
Control Event Log behavior when the log file reaches its maximum size
Control the location of the log file
Specify the maximum log file size (KB)
Enable Protected Event Logging
Events.asp program
Events.asp program command line parameters
Events.asp URL
Use a common set of exploit protection settings
Display the menu bar in File Explorer
Prevent users from adding files to the root of their Users Files folder.
Turn off common control and window animations
Turn off Data Execution Prevention for Explorer
Turn off heap termination on corruption
Set a support web page link
Do not reinitialize a pre-existing roamed user profile when it is loaded on a machine for the first time
Windows To Go Default Startup Options
Allow hibernate (S4) when starting from a Windows To Go workspace
Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace
Do not show feedback notifications
Enable usage of FIDO devices to sign on
Turn off File History
Configure Corrupted File Recovery behavior
Allow Windows Runtime apps to revoke enterprise data
Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running o
Selectively allow the evaluation of a symbolic link
Enable Win32 long paths
Do not allow compression on all NTFS volumes
Do not allow encryption on all NTFS volumes
Enable NTFS pagefile encryption
Short name creation options
Disable delete notifications on all volumes
Enable / disable TXF deprecated features
Turn On/Off Find My Device
Use localized subfolder names when redirecting Start Menu and My Documents
Do not automatically make all redirected folders available offline
Do not automatically make specific redirected folders available offline
Use localized subfolder names when redirecting Start Menu and My Documents
Enable optimized move of contents in Offline Files cache on Folder Redirection server path change
Redirect folders on primary computers only
Redirect folders on primary computers only
Turn on or off details pane
Turn off Preview Pane
Configure Scenario Execution Level
Enables or disables Windows Game Recording and Broadcasting
Turn off downloading of game information
Turn off tracking of last play time of games in the Games folder
Turn off game updates
Disallow selection of Custom Locales
Disallow selection of Custom Locales
Restrict system locales
Disallow copying of user input methods to the system account for sign-in
Restrict user locales
Restrict user locales
Disallow changing of geographic location
Disallow changing of geographic location
Disallow user override of locale settings
Disallow user override of locale settings
Hide Regional and Language Options administrative options
Hide the geographic location option
Hide the select language group options
Hide user locale selection and customization options
Restricts the UI language Windows uses for all logged users
Restricts the UI languages Windows should use for the selected user
Force selected system UI language to overwrite the user UI language
Restrict selection of Windows menus and dialogs language
Turn off offer text predictions as I type
Turn off insert a space after selecting a text prediction
Turn off autocorrect misspelled words
Turn off highlight misspelled words
Block clean-up of unused language packs
Allow input personalization
Century interpretation for Year 2000
Turn off automatic learning
Turn off automatic learning
Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
Untrusted Font Blocking
Process Mitigation Options
Process Mitigation Options
Enable Font Providers
Continue experiences on this device
Configure web-to-app linking with app URI handlers
Configure Group Policy Caching
Enable Group Policy Caching for Servers
Configure Logon Script Delay
Enable AD/DFS domain controller synchronization during policy refresh
Turn off Group Policy Client Service AOAC optimization
Configure Direct Access connections as a fast network connection
Change Group Policy processing to run asynchronously when a slow network connection is detected.
Turn off Local Group Policy Objects processing
Specify startup policy processing wait time
Allow cross-forest user policy and roaming user profiles
Configure software Installation policy processing
Configure disk quota policy processing
Configure EFS recovery policy processing
Configure folder redirection policy processing
Configure Internet Explorer Maintenance policy processing
Configure IP security policy processing
Configure registry policy processing
Configure scripts policy processing
Configure security policy processing
Configure wireless policy processing
Configure wired policy processing
Determine if interactive users can generate Resultant Set of Policy data
Determine if interactive users can generate Resultant Set of Policy data
Turn off automatic update of ADM files
Turn off background refresh of Group Policy
Remove users' ability to invoke machine policy refresh
Enforce Show Policies Only
Configure Group Policy domain controller selection
Configure Group Policy slow link detection
Configure Group Policy slow link detection
Set Group Policy refresh interval for computers
Set Group Policy refresh interval for domain controllers
Set Group Policy refresh interval for users
Set default name for new Group Policy objects
Create new Group Policy Object links disabled by default
Always use local ADM files for Group Policy Object Editor
Turn off Resultant Set of Policy logging
Configure user Group Policy loopback processing mode
Specify workplace connectivity wait time for policy processing
Configure Applications preference extension policy processing
Configure Applications preference logging and tracing
Configure Data Sources preference extension policy processing
Configure Data Sources preference logging and tracing
Configure Devices preference extension policy processing
Configure Devices preference logging and tracing
Configure Drive Maps preference extension policy processing
Configure Drive Maps preference logging and tracing
Configure Environment preference extension policy processing
Configure Environment preference logging and tracing
Configure Files preference extension policy processing
Configure Files preference logging and tracing
Configure Folder Options preference extension policy processing
Configure Folder Options preference logging and tracing
Configure Folders preference extension policy processing
Configure Folders preference logging and tracing
Configure Ini Files preference extension policy processing
Configure Ini Files preference logging and tracing
Configure Internet Settings preference extension policy processing
Configure Internet Settings preference logging and tracing
Configure Local Users and Groups preference extension policy processing
Configure Local Users and Groups preference logging and tracing
Configure Network Options preference extension policy processing
Configure Network Options preference logging and tracing
Configure Network Shares preference extension policy processing
Configure Network Shares preference logging and tracing
Configure Power Options preference extension policy processing
Configure Power Options preference logging and tracing
Configure Printers preference extension policy processing
Configure Printers preference logging and tracing
Configure Regional Options preference extension policy processing
Configure Regional Options preference logging and tracing
Configure Registry preference extension policy processing
Configure Registry preference logging and tracing
Configure Scheduled Tasks preference extension policy processing
Configure Scheduled Tasks preference logging and tracing
Configure Services preference extension policy processing
Configure Services preference logging and tracing
Configure Shortcuts preference extension policy processing
Configure Shortcuts preference logging and tracing
Configure Start Menu preference extension policy processing
Configure Start Menu preference logging and tracing
Permit use of Application snap-ins
Permit use of Applications preference extension
Permit use of Control Panel Settings (Computers)
Permit use of Data Sources preference extension
Permit use of Devices preference extension
Permit use of Drive Maps preference extension
Permit use of Environment preference extension
Permit use of Files preference extension
Permit use of Folders preference extension
Permit use of Folder Options preference extension
Permit use of Ini Files preference extension
Permit use of Internet Settings preference extension
Permit use of Local Users and Groups preference extension
Permit use of Network Options preference extension
Permit use of Network Shares preference extension
Permit use of Power Options preference extension
Permit use of Printers preference extension
Permit use of Regional Options preference extension
Permit use of Registry preference extension
Permit use of Scheduled Tasks preference extension
Permit use of Services preference extension
Permit use of Shortcuts preference extension
Permit use of Start Menu preference extension
Permit use of Control Panel Settings (Users)
Permit use of Preferences tab
Handwriting Panel Default Mode Docked
Restrict potentially unsafe HTML Help functions to specified folders
Restrict these programs from being launched from Help
Restrict these programs from being launched from Help
Turn off Data Execution Prevention for HTML Help Executible
Turn off Active Help
Turn off Help Ratings
Turn off Help Experience Improvement Program
Turn off Windows Online
Enable Hotspot Authentication
Restrict Internet communication
Restrict Internet communication
Turn off Automatic Root Certificates Update
Turn off printing over HTTP
Turn off printing over HTTP
Turn off downloading of print drivers over HTTP
Turn off downloading of print drivers over HTTP
Turn off Windows Update device driver searching
Turn off Event Viewer "Events.asp" links
Turn off Help and Support Center "Did you know?" content
Turn off Help and Support Center Microsoft Knowledge Base search
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com
Turn off Registration if URL connection is referring to Microsoft.com
Turn off Windows Error Reporting
Turn off access to all Windows Update features
Turn off Search Companion content file updates
Turn off Internet File Association service
Turn off Internet File Association service
Turn off access to the Store
Turn off access to the Store
Turn off Internet download for Web publishing and online ordering wizards
Turn off Internet download for Web publishing and online ordering wizards
Turn off the "Order Prints" picture task
Turn off the "Order Prints" picture task
Turn off the "Publish to Web" task for files and folders
Turn off the "Publish to Web" task for files and folders
Turn off the Windows Messenger Customer Experience Improvement Program
Turn off the Windows Messenger Customer Experience Improvement Program
Turn off Windows Customer Experience Improvement Program
Turn off Windows Network Connectivity Status Indicator active tests
Prevent IIS installation
Audio/Video Player
Carpoint
DHTML Edit Control
Shockwave Flash
Investor
Menu Controls
Microsoft Agent
Microsoft Chat
MSNBC
NetShow File Transfer Control
Microsoft Scriptlet Component
Microsoft Survey Control
Turn off the flip ahead with page prediction feature
Turn off the flip ahead with page prediction feature
Turn off loading websites and content in the background to optimize performance
Turn off loading websites and content in the background to optimize performance
Allow active content from CDs to run on user machines
Allow active content from CDs to run on user machines
Check for server certificate revocation
Check for server certificate revocation
Turn off ClearType
Turn off ClearType
Turn on Caret Browsing support
Turn on Caret Browsing support
Turn on Enhanced Protected Mode
Turn on Enhanced Protected Mode
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
Always send Do Not Track header
Always send Do Not Track header
Use HTTP 1.1
Use HTTP 1.1
Use HTTP 1.1 through proxy connections
Use HTTP 1.1 through proxy connections
Allow Internet Explorer to use the SPDY/3 network protocol
Allow Internet Explorer to use the SPDY/3 network protocol
Allow Internet Explorer to use the HTTP2 network protocol
Allow Internet Explorer to use the HTTP2 network protocol
Allow fallback to SSL 3.0 (Internet Explorer)
Turn off encryption support
Turn off encryption support
Do not allow resetting Internet Explorer settings
Do not allow resetting Internet Explorer settings
Check for signatures on downloaded programs
Check for signatures on downloaded programs
Allow third-party browser extensions
Allow third-party browser extensions
Allow Install On Demand (Internet Explorer)
Allow Install On Demand (Internet Explorer)
Allow Install On Demand (except Internet Explorer)
Allow Install On Demand (except Internet Explorer)
Automatically check for Internet Explorer updates
Automatically check for Internet Explorer updates
Allow software to run or install even if the signature is invalid
Allow software to run or install even if the signature is invalid
Play animations in web pages
Play animations in web pages
Play sounds in web pages
Play sounds in web pages
Play videos in web pages
Play videos in web pages
Turn off Profile Assistant
Turn off Profile Assistant
Do not save encrypted pages to disk
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Empty Temporary Internet Files folder when browser is closed
Show Content Advisor on Internet Options
Show Content Advisor on Internet Options
Turn on inline AutoComplete
Turn off inline AutoComplete in File Explorer
Go to an intranet site for a one-word entry in the Address bar
Go to an intranet site for a one-word entry in the Address bar
Turn on script debugging
Turn off details in messages about Internet connection problems
Turn off page transitions
Turn on the display of script errors
Turn off smooth scrolling
Hide the button (next to the New Tab button) that opens Microsoft Edge
Hide the button (next to the New Tab button) that opens Microsoft Edge
Turn off configuring underline links
Turn off phone number detection
Turn off phone number detection
Subscription Limits
Disable adding channels
Disable adding schedules for offline pages
Disable offline page hit logging
Disable channel user interface completely
Disable editing and creating of schedule groups
Disable editing schedules for offline pages
Disable removing channels
Disable removing schedules for offline pages
Disable all scheduled offline pages
Disable downloading of site subscription content
Prevent specifying the code download path for each computer
Prevent choosing default text size
Disable the Advanced page
Disable the Advanced page
Disable the Connections page
Disable the Connections page
Disable the Content page
Disable the Content page
Disable the General page
Disable the General page
Disable the Privacy page
Disable the Privacy page
Disable the Programs page
Disable the Programs page
Disable the Security page
Disable the Security page
Send internationalized domain names
Send internationalized domain names
Turn off sending UTF-8 query strings for URLs
Turn off sending UTF-8 query strings for URLs
Use UTF-8 for mailto links
Use UTF-8 for mailto links
Prevent ignoring certificate errors
Prevent ignoring certificate errors
Turn off sending URL path as UTF-8
Prevent specifying background color
Prevent specifying text color
Prevent the use of Windows colors
Prevent specifying cipher strength update information URLs
Start the Internet Connection Wizard automatically
Turn on ActiveX control logging in Internet Explorer
Turn on ActiveX control logging in Internet Explorer
Turn off automatic download of the ActiveX VersionList
Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
Remove "Run this time" button for outdated ActiveX controls in Internet Explorer
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains
Turn off blocking of outdated ActiveX controls for Internet Explorer
Turn off blocking of outdated ActiveX controls for Internet Explorer
Add-on List
Add-on List
Deny all add-ons unless specifically allowed in the Add-on List
Deny all add-ons unless specifically allowed in the Add-on List
All Processes
All Processes
Process List
Process List
Admin-approved behaviors
Admin-approved behaviors
Install binaries signed by MD2 and MD4 signing technologies
Install binaries signed by MD2 and MD4 signing technologies
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Internet Explorer Processes
Internet Explorer Processes
Process List
Process List
Internet Zone Restricted Protocols
Internet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
Turn off Crash Detection
Turn off Crash Detection
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
Turn off Automatic Crash Recovery
Turn off Automatic Crash Recovery
Turn off Reopen Last Browsing Session
Turn off Reopen Last Browsing Session
Do not allow users to enable or disable add-ons
Do not allow users to enable or disable add-ons
Add a specific list of search providers to the user's list of search providers
Add a specific list of search providers to the user's list of search providers
Turn on menu bar by default
Turn on menu bar by default
Turn off Favorites bar
Turn off Favorites bar
Disable caching of Auto-Proxy scripts
Disable external branding of Internet Explorer
Disable changing Advanced page settings
Customize user agent string
Customize user agent string
Use Automatic Detection for dial-up connections
Prevent "Fix settings" functionality
Prevent "Fix settings" functionality
Prevent managing the phishing filter
Prevent managing the phishing filter
Turn off Managing SmartScreen Filter for Internet Explorer 8
Turn off Managing SmartScreen Filter for Internet Explorer 8
Prevent managing SmartScreen Filter
Prevent managing SmartScreen Filter
Prevent bypassing SmartScreen Filter warnings
Prevent bypassing SmartScreen Filter warnings
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet
Turn off the Security Settings Check feature
Turn off the Security Settings Check feature
Position the menu bar above the navigation bar
Prevent changing pop-up filter level
Prevent changing pop-up filter level
Display error message on proxy script download failure
Turn on compatibility logging
Turn on compatibility logging
Enforce full-screen mode
Enforce full-screen mode
Disable Import/Export Settings wizard
Disable Import/Export Settings wizard
Turn off browser geolocation
Turn off browser geolocation
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash
Turn off page-zooming functionality
Turn off page-zooming functionality
Identity Manager: Prevent users from using Identities
Automatically activate newly installed add-ons
Automatically activate newly installed add-ons
Turn off add-on performance notifications
Turn off add-on performance notifications
Turn on ActiveX Filtering
Turn on ActiveX Filtering
Configure Media Explorer Bar
Prevent access to Delete Browsing History
Prevent access to Delete Browsing History
Prevent deleting form data
Prevent deleting form data
Prevent deleting passwords
Prevent deleting passwords
Prevent deleting cookies
Prevent deleting cookies
Prevent deleting websites that the user has visited
Prevent deleting websites that the user has visited
Prevent deleting download history
Prevent deleting download history
Prevent deleting temporary Internet files
Prevent deleting temporary Internet files
Prevent deleting InPrivate Filtering data
Prevent deleting InPrivate Filtering data
Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
Prevent deleting ActiveX Filtering, Tracking Protection, and Do Not Track data
Prevent deleting favorites site data
Prevent deleting favorites site data
Allow deleting browsing history on exit
Allow deleting browsing history on exit
Prevent running First Run wizard
Prevent running First Run wizard
Prevent access to Internet Explorer Help
Prevent access to Internet Explorer Help
Prevent Internet Explorer Search box from appearing
Prevent Internet Explorer Search box from appearing
Turn off suggestions for all user-installed providers
Turn off suggestions for all user-installed providers
Turn off the quick pick menu
Turn off the quick pick menu
Disable Automatic Install of Internet Explorer components
Set tab process growth
Set tab process growth
Allow Internet Explorer 8 shutdown behavior
Allow Internet Explorer 8 shutdown behavior
Specify default behavior for a new tab
Specify default behavior for a new tab
Turn off Tab Grouping
Turn off Quick Tabs functionality
Turn off Quick Tabs functionality
Prevent changing the default search provider
Prevent changing the default search provider
Disable showing the splash screen
Turn off tabbed browsing
Turn off tabbed browsing
Turn off configuration of pop-up windows in tabbed browsing
Turn off configuration of pop-up windows in tabbed browsing
Disable Periodic Check for Internet Explorer software updates
Prevent configuration of how windows open
Prevent configuration of how windows open
Configure Outlook Express
Pop-up allow list
Pop-up allow list
Disable changing accessibility settings
Disable changing Automatic Configuration settings
Disable changing Automatic Configuration settings
Disable changing Temporary Internet files settings
Disable changing Calendar and Contact settings
Disable changing certificate settings
Disable changing default browser check
Notify users if Internet Explorer is not the default web browser
Disable changing color settings
Disable changing connection settings
Disable changing connection settings
Disable Internet Connection wizard
Disable changing font settings
Disable AutoComplete for forms
Turn on the auto-complete feature for user names and passwords on forms
Disable "Configuring History"
Disable "Configuring History"
Disable changing home page settings
Disable changing secondary home page settings
Disable changing secondary home page settings
Disable changing language settings
Disable changing link color settings
Disable changing Messaging settings
Prevent managing pop-up exception list
Prevent managing pop-up exception list
Turn off pop-up management
Turn off pop-up management
Disable changing Profile Assistant settings
Prevent changing proxy settings
Prevent changing proxy settings
Disable changing ratings settings
Disable the Reset Web Settings feature
Prevent the deletion of temporary Internet files and cookies
Prevent the deletion of temporary Internet files and cookies
Turn off the auto-complete feature for web addresses
Turn off the auto-complete feature for web addresses
Turn off Windows Search AutoComplete
Turn off Windows Search AutoComplete
Turn off URL Suggestions
Turn off URL Suggestions
Search: Disable Find Files via F3 within the browser
Search: Disable Search Customization
Security Zones: Use only machine settings
Security Zones: Do not allow users to change policies
Security Zones: Do not allow users to add/delete sites
Disable software update shell notifications on program launch
Restrict search providers to a specific list
Restrict search providers to a specific list
Prevent participation in the Customer Experience Improvement Program
Prevent participation in the Customer Experience Improvement Program
Prevent configuration of new tab creation
Prevent configuration of new tab creation
Make proxy settings per-machine (rather than per-user)
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use ActiveX controls without prompt
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow only approved domains to use the TDC ActiveX control
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Allow active content over restricted protocols to access my computer
Allow active content over restricted protocols to access my computer
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Turn on Cross-Site Scripting Filter
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Allow active content over restricted protocols to access my computer
Allow active content over restricted protocols to access my computer
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Allow active content over restricted protocols to access my computer
Allow active content over restricted protocols to access my computer
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Allow active content over restricted protocols to access my computer
Allow active content over restricted protocols to access my computer
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Intranet Sites: Include all local (intranet) sites not listed in other zones
Intranet Sites: Include all local (intranet) sites not listed in other zones
Turn on certificate address mismatch warning
Turn on certificate address mismatch warning
Locked-Down Internet Zone Template
Locked-Down Internet Zone Template
Internet Zone Template
Internet Zone Template
Locked-Down Intranet Zone Template
Locked-Down Intranet Zone Template
Intranet Zone Template
Intranet Zone Template
Locked-Down Local Machine Zone Template
Locked-Down Local Machine Zone Template
Local Machine Zone Template
Local Machine Zone Template
Locked-Down Restricted Sites Zone Template
Locked-Down Restricted Sites Zone Template
Restricted Sites Zone Template
Restricted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Trusted Sites Zone Template
Trusted Sites Zone Template
Intranet Sites: Include all sites that bypass the proxy server
Intranet Sites: Include all sites that bypass the proxy server
Intranet Sites: Include all network paths (UNCs)
Intranet Sites: Include all network paths (UNCs)
Site to Zone Assignment List
Site to Zone Assignment List
Turn on automatic detection of intranet
Turn on automatic detection of intranet
Turn on Notification bar notification for intranet content
Turn on Notification bar notification for intranet content
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Allow active content over restricted protocols to access my computer
Allow active content over restricted protocols to access my computer
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Allow websites to open windows without status bar or Address bar
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Turn off first-run prompt
Include local path when user is uploading files to a server
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Allow updates to status bar via script
Turn on Protected Mode
Turn on Protected Mode
Show security warning for potentially unsafe files
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XAML files
Allow loading of XPS files
Allow loading of XPS files
Access data sources across domains
Access data sources across domains
Allow active scripting
Allow active scripting
Allow META REFRESH
Allow META REFRESH
Allow cut, copy or paste operations from the clipboard via script
Allow cut, copy or paste operations from the clipboard via script
Allow binary and script behaviors
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Display mixed content
Download signed ActiveX controls
Download signed ActiveX controls
Download unsigned ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Allow drag and drop or copy and paste files
Render legacy filters
Render legacy filters
Allow file downloads
Allow file downloads
Allow font downloads
Allow font downloads
Allow installation of desktop items
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Navigate windows and frames across different domains
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Automatic prompting for file downloads
Run ActiveX controls and plugins
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Software channel permissions
Submit non-encrypted form data
Submit non-encrypted form data
Run .NET Framework-reliant components not signed with Authenticode
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Userdata persistence
Allow script-initiated windows without size or position constraints
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Web sites in less privileged Web content zones can navigate into this zone
Allow VBScript to run in Internet Explorer
Allow VBScript to run in Internet Explorer
Prevent specifying the hover color
Prevent specifying the color of links that have not yet been clicked
Prevent specifying the color of links that have already been clicked
Turn on the hover color option
File menu: Disable closing the browser and Explorer windows
File menu: Disable Save As... menu option
File menu: Disable Save As Web Page Complete
File menu: Disable New menu option
File menu: Disable Open menu option
Help menu: Remove 'Send Feedback' menu option
Help menu: Remove 'For Netscape Users' menu option
Help menu: Remove 'Tip of the Day' menu option
Help menu: Remove 'Tour' menu option
Turn off Shortcut Menu
Hide Favorites menu
Disable Open in New Window menu option
Disable Save this program to disk option
Turn off Print Menu
Turn off Print Menu
Tools menu: Disable Internet Options... menu option
Turn off the ability to launch report site problems using a menu option
Turn off the ability to launch report site problems using a menu option
View menu: Disable Full Screen menu option
View menu: Disable Source menu option
Turn off automatic image resizing
Turn off image display
Allow Internet Explorer to play media files that use alternative codecs
Allow Internet Explorer to play media files that use alternative codecs
Allow the display of image download placeholders
Turn off smart image dithering
File size limits for Local Machine zone
File size limits for Intranet zone
File size limits for Trusted Sites zone
File size limits for Internet zone
File size limits for Restricted Sites zone
Turn on printing of background colors and images
Turn off background synchronization for feeds and Web Slices
Turn off background synchronization for feeds and Web Slices
Prevent downloading of enclosures
Prevent downloading of enclosures
Prevent subscribing to or deleting a feed or a Web Slice
Prevent subscribing to or deleting a feed or a Web Slice
Prevent automatic discovery of feeds and Web Slices
Prevent automatic discovery of feeds and Web Slices
Prevent access to feed list
Prevent access to feed list
Turn on Basic feed authentication over HTTP
Turn on Basic feed authentication over HTTP
Bypass prompting for Clipboard access for scripts running in any process
Bypass prompting for Clipboard access for scripts running in any process
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
Define applications and processes that can access the Clipboard without prompting
Define applications and processes that can access the Clipboard without prompting
Prevent configuration of search on Address bar
Prevent configuration of search on Address bar
Prevent configuration of top-result search on Address bar
Prevent configuration of top-result search on Address bar
Allow native XMLHTTP support
Allow native XMLHTTP support
Turn off Data URI support
Turn off Data URI support
Turn off Data Execution Prevention
Do not display the reveal password button
Do not display the reveal password button
Change the maximum number of connections per host (HTTP 1.1)
Change the maximum number of connections per host (HTTP 1.1)
Maximum number of connections per server (HTTP 1.0)
Maximum number of connections per server (HTTP 1.0)
Turn off cross-document messaging
Turn off cross-document messaging
Turn off the XDomainRequest object
Turn off the XDomainRequest object
Turn off the WebSocket Object
Turn off the WebSocket Object
Set the maximum number of WebSocket connections per server
Set the maximum number of WebSocket connections per server
Turn on automatic signup
Turn off toolbar upgrade tool
Turn off toolbar upgrade tool
Turn off Developer Tools
Turn off Developer Tools
Disable customizing browser toolbars
Disable customizing browser toolbar buttons
Configure Toolbar Buttons
Hide the Command bar
Hide the Command bar
Hide the status bar
Hide the status bar
Lock all toolbars
Lock all toolbars
Lock location of Stop and Refresh buttons
Lock location of Stop and Refresh buttons
Customize command labels
Customize command labels
Use large icons for command buttons
Use large icons for command buttons
Display tabs on a separate row
Display tabs on a separate row
Prevent specifying the update check interval (in days)
Prevent changing the URL for checking updates to Internet Explorer and Internet Tools
Turn off ActiveX Opt-In prompt
Turn off ActiveX Opt-In prompt
Prevent per-user installation of ActiveX controls
Prevent per-user installation of ActiveX controls
Specify use of ActiveX Installer Service for installation of ActiveX controls
Specify use of ActiveX Installer Service for installation of ActiveX controls
Turn on Suggested Sites
Turn on Suggested Sites
Turn off InPrivate Browsing
Turn off InPrivate Browsing
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
Turn off collection of InPrivate Filtering data
Turn off collection of InPrivate Filtering data
Establish InPrivate Filtering threshold
Establish InPrivate Filtering threshold
Turn off InPrivate Filtering
Turn off InPrivate Filtering
Establish Tracking Protection threshold
Establish Tracking Protection threshold
Turn off Tracking Protection
Turn off Tracking Protection
Add non-default Accelerators
Add non-default Accelerators
Add default Accelerators
Add default Accelerators
Turn off Accelerators
Turn off Accelerators
Restrict Accelerators to those deployed through Group Policy
Restrict Accelerators to those deployed through Group Policy
Turn on Internet Explorer 7 Standards Mode
Turn on Internet Explorer 7 Standards Mode
Turn off Compatibility View
Turn off Compatibility View
Turn on Internet Explorer Standards Mode for local intranet
Turn on Internet Explorer Standards Mode for local intranet
Turn off Compatibility View button
Turn off Compatibility View button
Use Policy List of Internet Explorer 7 sites
Use Policy List of Internet Explorer 7 sites
Use Policy List of Quirks Mode sites
Use Policy List of Quirks Mode sites
Include updated website lists from Microsoft
Include updated website lists from Microsoft
Turn off ability to pin sites in Internet Explorer on the desktop
Turn off ability to pin sites in Internet Explorer on the desktop
Let users turn on and use Enterprise Mode from the Tools menu
Let users turn on and use Enterprise Mode from the Tools menu
Use the Enterprise Mode IE website list
Use the Enterprise Mode IE website list
Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
Send all sites not included in the Enterprise Mode Site List to Microsoft Edge.
Show message when opening sites in Microsoft Edge using Enterprise Mode
Show message when opening sites in Microsoft Edge using Enterprise Mode
Set default storage limits for websites
Set default storage limits for websites
Allow websites to store indexed databases on client computers
Allow websites to store indexed databases on client computers
Set indexed database storage limits for individual domains
Set indexed database storage limits for individual domains
Set maximum indexed database storage limit for all domains
Set maximum indexed database storage limit for all domains
Allow websites to store application caches on client computers
Allow websites to store application caches on client computers
Set application cache storage limits for individual domains
Set application cache storage limits for individual domains
Set maximum application caches storage limit for all domains
Set maximum application caches storage limit for all domains
Set application caches expiration time limit for individual domains
Set application caches expiration time limit for individual domains
Set maximum application cache resource list size
Set maximum application cache resource list size
Set maximum application cache individual resource size
Set maximum application cache individual resource size
Start Internet Explorer with tabs from last browsing session
Start Internet Explorer with tabs from last browsing session
Open Internet Explorer tiles on the desktop
Open Internet Explorer tiles on the desktop
Set how links are opened in Internet Explorer
Set how links are opened in Internet Explorer
Install new versions of Internet Explorer automatically
Turn on Site Discovery WMI output
Turn on Site Discovery WMI output
Turn on Site Discovery XML output
Turn on Site Discovery XML output
Limit Site Discovery output by Zone
Limit Site Discovery output by Zone
Limit Site Discovery output by Domain
Limit Site Discovery output by Domain
Turn off handwriting recognition error reporting
Turn off handwriting recognition error reporting
Do not allow manual configuration of iSNS servers
Do not allow manual configuration of target portals
Do not allow manual configuration of discovered targets
Do not allow adding new targets via manual configuration
Do not allow changes to initiator iqn name
Do not allow additional session logins
Do not allow changes to initiator CHAP secret
Do not allow connections without IPSec
Do not allow sessions without mutual CHAP
Do not allow sessions without one way CHAP
Provide information about previous logons to client computers
Use forest search order
KDC support for claims, compound authentication and Kerberos armoring
Warning for large Kerberos tickets
Request compound authentication
KDC support for PKInit Freshness Extension
Define host name-to-Kerberos realm mappings
Define interoperable Kerberos V5 realm settings
Require strict KDC validation
Use forest search order
Require strict target SPN match on remote procedure calls
Specify KDC proxy servers for Kerberos clients
Disable revocation checking for the SSL certificate of KDC proxy servers
Fail authentication requests when Kerberos armoring is not available
Support compound authentication
Set maximum Kerberos SSPI context token buffer size
Kerberos client support for claims, compound authentication and Kerberos armoring
Always send compound authentication first
Support device authentication using certificate
Hash Publication for BranchCache
Hash Version support for BranchCache
Cipher suite order
Honor cipher suite order
Cipher suite order
Enable insecure guest logons
Offline Files Availability on Continuous Availability Shares
Handle Caching on Continuous Availability Shares
Configure Scenario Execution Level
Turn on Mapper I/O (LLTDIO) driver
Turn on Responder (RSPNDR) driver
Turn off Windows Location Provider
Do not process the legacy run list
Do not process the legacy run list
Do not process the run once list
Do not process the run once list
Always use classic logon
Do not display the Getting Started welcome screen at logon
Run these programs at user logon
Run these programs at user logon
Always wait for the network at computer startup and logon
Remove Boot / Shutdown / Logon / Logoff status messages
Do not display the Getting Started welcome screen at logon
Display highly detailed status messages
Hide entry points for Fast User Switching
Turn off Windows Startup sound
Show first sign-in animation
Always use custom logon background
Do not display network selection UI
Do not enumerate connected users on domain-joined computers
Enumerate local users on domain-joined computers
Block user from showing account details on sign-in
Turn off app notifications on the lock screen
Disable MDM Enrollment
Auto MDM Enrollment with AAD Token
Allow Message Service Cloud Sync
Allow Address bar drop-down list suggestions
Allow Address bar drop-down list suggestions
Configure Autofill
Configure Autofill
Allow Developer Tools
Allow Developer Tools
Configure Do Not Track
Configure Do Not Track
Allow Extensions
Allow Extensions
Allow InPrivate browsing
Allow InPrivate browsing
Configure Password Manager
Configure Password Manager
Configure Pop-up Blocker
Configure Pop-up Blocker
Allow search engine customization
Allow search engine customization
Configure search suggestions in Address bar
Configure search suggestions in Address bar
Configure Windows Defender SmartScreen
Configure Windows Defender SmartScreen
Allow web content on New Tab page
Allow web content on New Tab page
Always show the Books Library in Microsoft Edge
Always show the Books Library in Microsoft Edge
Configure cookies
Configure cookies
Set default search engine
Set default search engine
Configure additional search engines
Configure additional search engines
Provision Favorites
Provision Favorites
Configure the Enterprise Mode Site List
Configure the Enterprise Mode Site List
Prevent using Localhost IP address for WebRTC
Prevent using Localhost IP address for WebRTC
Configure Start pages
Configure Start pages
Disable lockdown of Start pages
Disable lockdown of Start pages
Prevent changes to Favorites on Microsoft Edge
Prevent changes to Favorites on Microsoft Edge
Prevent bypassing Windows Defender SmartScreen prompts for sites
Prevent bypassing Windows Defender SmartScreen prompts for sites
Prevent bypassing Windows Defender SmartScreen prompts for files
Prevent bypassing Windows Defender SmartScreen prompts for files
Configure Favorites
Configure Favorites
Send all intranet sites to Internet Explorer 11
Send all intranet sites to Internet Explorer 11
Show message when opening sites in Internet Explorer
Show message when opening sites in Internet Explorer
Prevent access to the about:flags page in Microsoft Edge
Prevent access to the about:flags page in Microsoft Edge
Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
Prevent Microsoft Edge from gathering Live Tile information when pinning a site to Start
Prevent the First Run webpage from opening on Microsoft Edge
Prevent the First Run webpage from opening on Microsoft Edge
Keep favorites in sync between Internet Explorer and Microsoft Edge
Keep favorites in sync between Internet Explorer and Microsoft Edge
Configure the Adobe Flash Click-to-Run setting
Configure the Adobe Flash Click-to-Run setting
Allow clearing browsing data on exit
Allow clearing browsing data on exit
Allow Adobe Flash
Allow Adobe Flash
Allow Microsoft Compatibility List
Allow Microsoft Compatibility List
Restrict the user from entering author mode
Restrict users to the explicitly permitted list of snap-ins
Extended View (Web View)
ActiveX Control
Link to Web Address
AppleTalk Routing
Authorization Manager
Certification Authority Policy Settings
Connection Sharing (NAT)
DCOM Configuration Extension
Device Manager
DHCP Relay Management
Enterprise PKI
Event Viewer
Event Viewer (Windows Vista)
IAS Logging
IGMP Routing
IP Routing
IPX RIP Routing
IPX Routing
IPX SAP Routing
Logical and Mapped Drives
Online Responder
OSPF Routing
Public Key Policies
RAS Dialin - User Node
Remote Access
Removable Storage
RIP Routing
Routing
Send Console Message
Service Dependencies
Shared Folders Ext
SMTP Protocol
SNMP
System Properties
Group Policy Management
Group Policy Object Editor
Group Policy tab for Active Directory Tools
Resultant Set of Policy snap-in
Administrative Templates (Computers)
Administrative Templates (Users)
Folder Redirection
Internet Explorer Maintenance
IP Security Policy Management
Windows Firewall with Advanced Security
NAP Client Configuration
Remote Installation Services
Scripts (Startup/Shutdown)
Scripts (Logon/Logoff)
Security Settings
Software Installation (Computers)
Software Installation (Users)
Wired Network (IEEE 802.3) Policies
Wireless Network (IEEE 802.11) Policies
Administrative Templates (Computers)
Administrative Templates (Users)
Folder Redirection
Internet Explorer Maintenance
Scripts (Startup/Shutdown)
Scripts (Logon/Logoff)
Security Settings
Software Installation (Computers)
Software Installation (Users)
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Users and Computers
ADSI Edit
Certification Authority
Certificates
Certificate Templates
Component Services
Computer Management
Device Manager
Distributed File System
Disk Defragmenter
Disk Management
Event Viewer
Event Viewer (Windows Vista)
Failover Clusters Manager
FAX Service
FrontPage Server Extensions
Health Registration Authority (HRA)
Internet Authentication Service (IAS)
Internet Information Services
Indexing Service
IP Security Policy Management
IP Security Monitor
Local Users and Groups
NAP Client Configuration
.Net Framework Configuration
Network Policy Server (NPS)
Performance Logs and Alerts
QoS Admission Control
Remote Desktops
Routing and Remote Access
Removable Storage Management
Security Configuration and Analysis
Security Templates
Server Manager
Services
Shared Folders
System Information
Telephony
Remote Desktop Services Configuration
TPM Management
Windows Firewall with Advanced Security
Wireless Monitor
WMI Control
Group Policy Starter GPO Editor
Group Policy Management Editor
Storage Manager for SANs
Storage Manager for SANS Extension
Disk Management Extension
Share and Storage Management
Share and Storage Management Extension
DFS Management
DFS Management Extension
File Server Resource Manager
File Server Resource Manager Extension
Turn off Windows Mobility Center
Turn off Windows Mobility Center
Turn off Windows presentation settings
Turn off Windows presentation settings
Block all consumer Microsoft account user authentication
Automatic Maintenance Activation Boundary
Automatic Maintenance Random Delay
Automatic Maintenance WakeUp Policy
Microsoft Support Diagnostic Tool: Configure execution level
Microsoft Support Diagnostic Tool: Restrict tool download
Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider
Configure MSI Corrupted File Recovery behavior
Allow users to browse for source while elevated
Allow users to use media source while elevated
Allow users to patch elevated products
Always install with elevated privileges
Always install with elevated privileges
Prohibit use of Restart Manager
Remove browse dialog box for new source
Prohibit flyweight patching
Turn off logging via package settings
Prevent removable media source for any installation
Turn off Windows Installer
Prevent users from using Windows Installer to install updates and upgrades
Prohibit rollback
Prohibit rollback
Allow user control over installs
Prohibit non-administrators from applying vendor signed updates
Prohibit removal of updates
Turn off creation of System Restore checkpoints
Prohibit User Installs
Enforce upgrade component rules
Control maximum size of baseline file cache
Specify the types of events Windows Installer records in its transaction log
Prevent Internet Explorer security prompt for Windows Installer scripts
Specify the order in which Windows Installer searches for installation files
Save copies of transform files in a secure location on workstation
Turn off shared components
Prevent embedded UI
Support Email Address
Friendly Name
User Interface
Prefer Local Names Allowed
DirectAccess Passive Mode
Corporate Resources
IPsec Tunnel Endpoints
Custom Commands
Specify corporate Website probe URL
Specify corporate DNS probe host name
Specify corporate DNS probe host address
Specify corporate site prefix list
Specify domain location determination URL
Specify passive polling
Specify global DNS
Contact PDC on logon failure
Use initial DC discovery retry setting for background callers
Use maximum DC discovery retry interval setting for background callers
Use final DC discovery retry setting for background callers
Use positive periodic DC cache refresh for background callers
Specify log file debug output level
Specify expected dial-up delay on logon
Specify maximum log file size
Specify negative DC Discovery cache setting
Set Netlogon share compatibility
Specify positive periodic DC Cache refresh for non-background callers
Set scavenge interval
Specify site name
Set SYSVOL share compatibility
Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC
Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the Allow
Use automated site coverage by the DC Locator DNS SRV Records
Specify DC Locator DNS records not registered by the DCs
Specify Refresh Interval of the DC Locator DNS records
Set TTL in the DC Locator DNS Records
Specify sites covered by the GC Locator DNS SRV Records
Set Priority in the DC Locator DNS SRV records
Set Weight in the DC Locator DNS SRV records
Specify sites covered by the application directory partition DC Locator DNS SRV records
Specify sites covered by the DC Locator DNS SRV records
Specify dynamic registration of the DC Locator DNS Records
Try Next Closest Site
Force Rediscovery Interval
Return domain controller address type
Allow cryptography algorithms compatible with Windows NT 4.0
Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names
Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails
Specify address lookup behavior for DC locator ping
Use urgent mode when pinging domain controllers
Prohibit adding and removing components for a LAN or remote access connection
Prohibit access to the Advanced Settings item on the Advanced menu
Prohibit TCP/IP advanced configuration
Prohibit installation and configuration of Network Bridge on your DNS domain network
Prohibit Enabling/Disabling components of a LAN connection
Ability to delete all user remote access connections
Prohibit deletion of remote access connections
Prohibit access to the Remote Access Preferences item on the Advanced menu
Enable Windows 2000 Network Connections settings for Administrators
Turn off notifications when a connection has only limited or no connectivity
Prohibit access to properties of components of a LAN connection
Ability to Enable/Disable a LAN connection
Prohibit access to properties of a LAN connection
Prohibit access to the New Connection Wizard
Prohibit use of Internet Connection Firewall on your DNS domain network
Ability to change properties of an all user remote access connection
Prohibit access to properties of components of a remote access connection
Prohibit connecting and disconnecting a remote access connection
Prohibit changing properties of a private remote access connection
Ability to rename all user remote access connections
Ability to rename LAN connections or remote access connections available to all users
Ability to rename LAN connections
Prohibit renaming private remote access connections
Prohibit use of Internet Connection Sharing on your DNS domain network
Prohibit viewing of status for an active connection
Require domain users to elevate when setting a network's location
Do not show the "local access only" network icon
Route all traffic through the internal network
Internet proxy servers for apps
Intranet proxy servers for apps
Private network ranges for apps
Proxy definitions are authoritative
Subnet definitions are authoritative
Enterprise resource domains hosted in the cloud
Domains categorized as both work and personal
Hardened UNC Paths
Subfolders always available offline
Specify administratively assigned Offline Files
Specify administratively assigned Offline Files
Non-default server disconnect actions
Non-default server disconnect actions
Default cache size
Allow or Disallow use of the Offline Files feature
Encrypt the Offline Files cache
Event logging level
Event logging level
Files not cached
Action on server disconnect
Action on server disconnect
Prevent use of Offline Files folder
Prevent use of Offline Files folder
Prohibit user configuration of Offline Files
Prohibit user configuration of Offline Files
Remove "Make Available Offline" command
Remove "Make Available Offline" command
Remove "Make Available Offline" for these files and folders
Remove "Make Available Offline" for these files and folders
Turn off reminder balloons
Turn off reminder balloons
At logoff, delete local copy of user’s offline files
Reminder balloon frequency
Reminder balloon frequency
Initial reminder balloon lifetime
Initial reminder balloon lifetime
Reminder balloon lifetime
Reminder balloon lifetime
Configure Slow link speed
Synchronize all offline files before logging off
Synchronize all offline files before logging off
Synchronize all offline files when logging on
Synchronize all offline files when logging on
Synchronize offline files before suspend
Synchronize offline files before suspend
Turn on economical application of administratively assigned Offline Files
Configure slow-link mode
Limit disk space used by Offline Files
Configure Background Sync
Enable Transparent Caching
Enable file screens
Remove "Work offline" command
Remove "Work offline" command
Enable file synchronization on costed networks
Enables Activity Feed
Allow publishing of User Activities
Turn off Microsoft Peer-to-Peer Networking Services
Turn off Multicast Bootstrap
Turn off PNRP cloud creation
Set PNRP cloud to resolve only
Set the Seed Server
Turn off Multicast Bootstrap
Turn off PNRP cloud creation
Set PNRP cloud to resolve only
Set the Seed Server
Turn off Multicast Bootstrap
Turn off PNRP cloud creation
Set PNRP cloud to resolve only
Set the Seed Server
Disable password strength validation for Peer Grouping
Use Windows Hello for Business
Use Windows Hello for Business
Use a hardware security device
Use biometrics
Use PIN Recovery
Use phone sign-in
Minimum PIN length
Maximum PIN length
Require uppercase letters
Require lowercase letters
Require special characters
Require digits
History
Expiration
Use certificate for on-premises authentication
Use certificate for on-premises authentication
Configure device unlock factors
Configure dynamic lock factors
Turn off smart card emulation
Allow enumeration of emulated smart card for all users
Detect compatibility issues for applications and drivers
Detect application install failures
Detect applications unable to launch installers under UAC
Detect application failures caused by deprecated Windows DLLs
Detect application failures caused by deprecated COM objects
Detect application installers that need to be run as administrator
Notify blocked drivers
Turn on BranchCache
Set percentage of disk space used for client computer cache
Set BranchCache Hosted Cache mode
Set BranchCache Distributed Cache mode
Configure BranchCache for network files
Enable Automatic Hosted Cache Discovery by Service Connection Point
Configure Client BranchCache Version Support
Configure Hosted Cache Servers
Set age for segments in the data cache
Turn off Tablet PC Pen Training
Turn off Tablet PC Pen Training
Configure Scenario Execution Level
Configure Scenario Execution Level
Configure Scenario Execution Level
Configure Scenario Execution Level
Enable/Disable PerfTrack
Critical battery notification action
Low battery notification action
Critical battery notification level
Low battery notification level
Turn off low battery user notification
Select the Power button action (plugged in)
Select the Sleep button action (plugged in)
Select the lid switch action (plugged in)
Select the Start menu Power button action (plugged in)
Select the Power button action (on battery)
Select the Sleep button action (on battery)
Select the lid switch action (on battery)
Select the Start menu Power button action (on battery)
Turn Off the hard disk (plugged in)
Turn Off the hard disk (on battery)
Specify a custom active power plan
Select an active power plan
Prompt for password on resume from hibernate/suspend
Turn on the ability for applications to prevent sleep transitions (plugged in)
Specify the system hibernate timeout (plugged in)
Require a password when a computer wakes (plugged in)
Specify the system sleep timeout (plugged in)
Turn off hybrid sleep (plugged in)
Turn on the ability for applications to prevent sleep transitions (on battery)
Specify the system hibernate timeout (on battery)
Require a password when a computer wakes (on battery)
Specify the system sleep timeout (on battery)
Turn off hybrid sleep (on battery)
Turn off adaptive display timeout (plugged in)
Turn off adaptive display timeout (on battery)
Turn off the display (plugged in)
Turn off the display (on battery)
Allow standby states (S1-S3) when sleeping (plugged in)
Allow standby states (S1-S3) when sleeping (on battery)
Do not turn off system power after a Windows system shutdown has occurred.
Allow automatic sleep with Open Network Files (plugged in)
Allow automatic sleep with Open Network Files (on battery)
Reduce display brightness (plugged in)
Reduce display brightness (on battery)
Specify the display dim brightness (plugged in)
Specify the display dim brightness (on battery)
Turn on desktop background slideshow (plugged in)
Turn on desktop background slideshow (on battery)
Specify the unattended sleep timeout (plugged in)
Specify the unattended sleep timeout (on battery)
Allow applications to prevent automatic sleep (plugged in)
Allow applications to prevent automatic sleep (on battery)
Reserve battery notification level
Energy Saver Battery Threshold (plugged in)
Energy Saver Battery Threshold (on battery)
Allow network connectivity during connected-standby (plugged in)
Allow network connectivity during connected-standby (on battery)
Turn off Power Throttling
Turn on Script Execution
Turn on Script Execution
Turn on Module Logging
Turn on Module Logging
Turn on PowerShell Transcription
Turn on PowerShell Transcription
Turn on PowerShell Script Block Logging
Turn on PowerShell Script Block Logging
Set the default source path for Update-Help
Set the default source path for Update-Help
Prevent restoring previous versions from backups
Prevent restoring previous versions from backups
Hide previous versions list for local files
Hide previous versions list for local files
Prevent restoring local previous versions
Prevent restoring local previous versions
Hide previous versions list for remote files
Hide previous versions list for remote files
Prevent restoring remote previous versions
Prevent restoring remote previous versions
Hide previous versions of files on backup location
Hide previous versions of files on backup location
Activate Internet printing
Isolate print drivers from applications
Custom support URL in the Printers folder's left pane
Add Printer wizard - Network scan page (Managed network)
Browse the network to find printers
Always render print jobs on the server
Always rasterize content to be printed using a software rasterizer
Browse a common web site to find printers
Disallow installation of printers using kernel-mode drivers
Prevent addition of printers
Prevent deletion of printers
Add Printer wizard - Network scan page (Unmanaged network)
Only use Package Point and print
Package Point and print - Approved servers
Only use Package Point and print
Package Point and print - Approved servers
Computer location
Pre-populate printer search location text
Point and Print Restrictions
Point and Print Restrictions
Default Active Directory path when searching for printers
Printer browsing
Execute print drivers in isolated processes
Override print driver execution compatibility setting reported by print driver
Extend Point and Print connection to search Windows Update
Do not allow v4 printer drivers to show printer extensions
Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)
Allow job name in event logs
Turn off Windows default printer management
Allow Print Spooler to accept client connections
Automatically publish new printers in Active Directory
Prune printers that are not automatically republished
Directory pruning interval
Directory pruning priority
Directory pruning retry
Log directory pruning retry events
Allow printers to be published
Check published state
Allow pruning of published printers
Hide the Programs Control Panel
Hide "Programs and Features" page
Hide "Installed Updates" page
Hide "Set Program Access and Computer Defaults" page
Hide "Windows Marketplace"
Hide "Get Programs" page
Hide "Windows Features"
Turn off Push To Install service
Best effort service type
Controlled load service type
Guaranteed service type
Network control service type
Qualitative service type
Best effort service type
Controlled load service type
Guaranteed service type
Network control service type
Qualitative service type
Limit outstanding packets
Limit reservable bandwidth
Set timer resolution
Best effort service type
Controlled load service type
Guaranteed service type
Network control service type
Non-conforming packets
Qualitative service type
Configure Reliability WMI Providers
Configure Scenario Execution Level
Allow restore of system to default state
Enable Persistent Time Stamp
Report unplanned shutdown events
Activate Shutdown Event Tracker System State Data feature
Display Shutdown Event Tracker
Turn on session logging
Allow only Windows Vista or later connections
Turn on bandwidth optimization
Customize warning messages
Configure Solicited Remote Assistance
Configure Offer Remote Assistance
Set time (in seconds) to force reboot
Set time (in seconds) to force reboot
CD and DVD: Deny read access
CD and DVD: Deny read access
CD and DVD: Deny write access
CD and DVD: Deny write access
CD and DVD: Deny execute access
Custom Classes: Deny read access
Custom Classes: Deny read access
Custom Classes: Deny write access
Custom Classes: Deny write access
Floppy Drives: Deny read access
Floppy Drives: Deny read access
Floppy Drives: Deny write access
Floppy Drives: Deny write access
Floppy Drives: Deny execute access
Removable Disks: Deny read access
Removable Disks: Deny read access
Removable Disks: Deny write access
Removable Disks: Deny write access
Removable Disks: Deny execute access
All Removable Storage classes: Deny all access
All Removable Storage classes: Deny all access
Tape Drives: Deny read access
Tape Drives: Deny read access
Tape Drives: Deny write access
Tape Drives: Deny write access
Tape Drives: Deny execute access
WPD Devices: Deny read access
WPD Devices: Deny read access
WPD Devices: Deny write access
WPD Devices: Deny write access
All Removable Storage: Allow direct access in remote sessions
Enable RPC Endpoint Mapper Client Authentication
Propagate extended error information
Ignore Delegation Failure
Set Minimum Idle Connection Timeout for RPC/HTTP connections
Restrict Unauthenticated RPC clients
Maintain RPC Troubleshooting State Information
Specify maximum wait time for Group Policy scripts
Run legacy logon scripts hidden
Display instructions in logoff scripts as they run
Run logon scripts synchronously
Run logon scripts synchronously
Display instructions in logon scripts as they run
Run Windows PowerShell scripts first at computer startup, shutdown
Run Windows PowerShell scripts first at user logon, logoff
Run Windows PowerShell scripts first at user logon, logoff
Display instructions in shutdown scripts as they run
Run startup scripts asynchronously
Display instructions in startup scripts as they run
Allow logon scripts when NetBIOS or WINS is disabled
Configure Security Policy for Scripted Diagnostics
Troubleshooting: Allow users to access and run Troubleshooting Wizards
Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control
Configure Scheduled Maintenance Behavior
Prevent adding UNC locations to index from Control Panel
Prevent adding UNC locations to index from Control Panel
Allow indexing of encrypted files
Disable indexer backoff
Prevent clients from querying the index remotely
Prevent indexing when running on battery power to conserve energy
Prevent customization of indexed locations in Control Panel
Prevent customization of indexed locations in Control Panel
Allow use of diacritics
Always use automatic language detection when indexing content and properties
Do not allow locations on removable drives to be added to libraries
Don't search the web or display web results in Search
Don't search the web or display web results in Search over metered connections
Set what information is shared in Search
Set the SafeSearch setting for Search
Prevent automatically adding shared folders to the Windows Search index
Prevent adding user-specified locations to the All Locations menu
Prevent the display of advanced indexing options for Windows Search in the Control Panel
Prevent indexing files in offline files cache
Enable indexing uncached Exchange folders
Enable indexing of online delegate mailboxes
Enable throttling for online mail indexing
Prevent indexing Microsoft Office Outlook
Prevent indexing e-mail attachments
Control rich previews for attachments
Prevent indexing public folders
Indexer data location
Add primary intranet search location
Add secondary intranet search locations
Preview pane location
Set large or small icon view in desktop search results
Stop indexing in the event of limited hard drive space
Prevent unwanted iFilters and protocol handlers
Do not allow web search
Prevent indexing certain paths
Prevent indexing certain paths
Default indexed paths
Default indexed paths
Default excluded paths
Default excluded paths
Prevent indexing of certain file types
Turn off storage and display of search history
Allow Cortana
Allow Cortana above lock screen
Allow search and Cortana to use location
Allow Cloud Search
Turn on Security Center (Domain PCs only)
Turn off sensors
Turn off sensors
Turn off location
Turn off location
Turn off location scripting
Turn off location scripting
Do not display Server Manager automatically at logon
Configure the refresh interval for Server Manager
Do not display Initial Configuration Tasks window automatically at logon
Do not display Manage Your Server page at logon
Specify settings for optional component installation and component repair
Do not sync
Do not sync app settings
Do not sync passwords
Do not sync personalize
Do not sync Apps
Do not sync other Windows settings
Do not sync desktop personalization
Do not sync browser settings
Do not sync on metered connections
Do not sync start settings
Specify Windows Service Pack installation file location
Specify Windows installation file location
Turn off handwriting personalization data sharing
Turn off handwriting personalization data sharing
Allow DFS roots to be published
Allow shared folders to be published
Prevent users from sharing files within their profile.
Prevent the computer from joining a homegroup
Prevent access to the command prompt
Prevent access to registry editing tools
Run only specified Windows applications
Don't run specified Windows applications
Do not display the Welcome Center at user logon
Turn off desktop gadgets
Turn off desktop gadgets
Restrict unpacking and installation of gadgets that are not digitally signed.
Restrict unpacking and installation of gadgets that are not digitally signed.
Turn Off user-installed desktop gadgets
Turn Off user-installed desktop gadgets
Prevent the usage of OneDrive for file storage
Prevent OneDrive from generating network traffic until the user signs in to OneDrive
Prevent the usage of OneDrive for file storage on Windows 8.1
Prevent OneDrive files from syncing over metered connections
Save documents to OneDrive by default
Allow certificates with no extended key usage certificate attribute
Allow Integrated Unblock screen to be displayed at the time of logon
Filter duplicate logon certificates
Force the reading of all certificates from the smart card
Allow signature keys valid for Logon
Allow time invalid certificates
Turn on certificate propagation from smart card
Configure root certificate clean up
Turn on root certificate propagation from smart card
Display string when smart card is blocked
Reverse the subject name stored in a certificate when displaying
Prevent plaintext PINs from being returned by Credential Manager
Allow user name hint
Turn on Smart Card Plug and Play service
Notify user of successful smart card driver installation
Allow ECC certificates to be used for logon and authentication
Configure Windows Defender SmartScreen
Configure App Install Control
Configure Windows Defender SmartScreen
Configure Windows Defender SmartScreen
Prevent bypassing Windows Defender SmartScreen prompts for sites
Prevent bypassing Windows Defender SmartScreen prompts for sites
Specify communities
Specify permitted managers
Specify traps for public community
Do not allow Sound Recorder to run
Do not allow Sound Recorder to run
Allow Automatic Update of Speech Data
File Classification Infrastructure: Display Classification tab in File Explorer
File Classification Infrastructure: Specify classification properties list
Customize message for Access Denied errors
Enable access-denied assistance on client for all file types
Clear the recent programs list for new users
Remove Games link from Start Menu
Remove Search Computer link
Remove See More Results / Search Everywhere link
Add Search Internet link to Start Menu
Do not search for files
Do not search Internet
Do not search programs and Control Panel items
Do not search communications
Remove user folder link from Start Menu
Add the Run command to the Start Menu
Show QuickLaunch on Taskbar
Clear history of recently opened documents on exit
Add Logoff to the Start Menu
Gray unavailable Windows Installer programs Start Menu shortcuts
Turn off personalized menus
Lock the Taskbar
Add "Run in Separate Memory Space" check box to Run dialog box
Turn off notification area cleanup
Remove Balloon Tips on Start Menu items
Prevent users from customizing their Start Screen
Clear tile notifications during log on
Pin Apps to Start when installed
Pin Apps to Start when installed
Start Layout
Start Layout
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands
Remove common program groups from Start Menu
Remove Favorites menu from Start Menu
Remove Search link from Start Menu
Remove frequent programs list from the Start Menu
Remove Help menu from Start Menu
Turn off user tracking
Remove All Programs list from the Start menu
Remove Network Connections from Start Menu
Remove pinned programs list from the Start Menu
Do not keep history of recently opened documents
Remove Recent Items menu from Start Menu
Do not use the search-based method when resolving shell shortcuts
Do not use the tracking-based method when resolving shell shortcuts
Remove Run menu from Start Menu
Remove programs on Settings menu
Prevent changes to Taskbar and Start Menu Settings
Remove Default Programs link from the Start menu.
Remove Documents icon from Start Menu
Remove Music icon from Start Menu
Remove Network icon from Start Menu
Remove Pictures icon from Start Menu
Remove user's folders from the Start Menu
Force classic Start Menu
Remove Clock from the system notification area
Prevent grouping of taskbar items
Do not display any custom toolbars in the taskbar
Remove access to the context menus for the taskbar
Hide the notification area
Remove user name from Start Menu
Remove links and access to Windows Update
Remove the "Undock PC" button from the Start Menu
Remove Logoff on the Start Menu
Remove Homegroup link from Start Menu
Remove Downloads link from Start Menu
Remove Recorded TV link from Start Menu
Remove Videos link from Start Menu
Prevent users from uninstalling applications from Start
Change Start Menu power button
Show "Run as different user" command on Start
Go to the desktop instead of Start when signing in
Show the Apps view automatically when the user goes to Start
Search just apps from the Apps view
List desktop apps first in the Apps view
Show Start on the display the user is using when they press the Windows logo key
Force Start to be either full screen size or menu size
Remove the People Bar from the taskbar
Allow downloading updates to the Disk Failure Prediction Model
Turn off Configuration
Turn off System Restore
Turn off AutoComplete integration with Input Panel
Turn off AutoComplete integration with Input Panel
Prevent Input Panel tab from appearing
Prevent Input Panel tab from appearing
For tablet pen input, don’t show the Input Panel icon
For tablet pen input, don’t show the Input Panel icon
For touch input, don’t show the Input Panel icon
For touch input, don’t show the Input Panel icon
Turn off password security in Input Panel
Turn off password security in Input Panel
Include rarely used Chinese, Kanji, or Hanja characters
Include rarely used Chinese, Kanji, or Hanja characters
Turn off tolerant and Z-shaped scratch-out gestures
Turn off tolerant and Z-shaped scratch-out gestures
Disable text prediction
Disable text prediction
Do not allow Inkball to run
Do not allow Inkball to run
Do not allow Windows Journal to be run
Do not allow Windows Journal to be run
Do not allow printing to Journal Note Writer
Do not allow printing to Journal Note Writer
Do not allow Snipping Tool to run
Do not allow Snipping Tool to run
Turn off pen feedback
Turn off pen feedback
Prevent Back-ESC mapping
Prevent Back-ESC mapping
Prevent launch an application
Prevent launch an application
Prevent press and hold
Prevent press and hold
Turn off hardware buttons
Turn off hardware buttons
Prevent Flicks Learning Mode
Prevent Flicks Learning Mode
Prevent flicks
Prevent flicks
Remove the battery meter
Remove the networking icon
Remove the volume control icon
Remove the Security and Maintenance icon
Lock all taskbar settings
Prevent users from adding or removing toolbars
Prevent users from rearranging toolbars
Turn off all balloon notifications
Prevent users from moving taskbar to another screen dock location
Prevent users from resizing the taskbar
Turn off taskbar thumbnails
Remove pinned programs from the Taskbar
Turn off automatic promotion of notification icons to the taskbar
Disable showing balloon notifications as toasts.
Turn off feature advertisement balloon notifications
Do not display or track items in Jump Lists from remote locations
Do not allow pinning programs to the Taskbar
Do not allow pinning items in Jump Lists
Do not allow taskbars on more than one display
Show Windows Store apps on the taskbar
Remove Notifications and Action Center
Do not allow pinning Store app to the Taskbar
Show additional calendar
Prohibit Browse
Prohibit Browse
Hide Advanced Properties Checkbox in Add Scheduled Task Wizard
Hide Advanced Properties Checkbox in Add Scheduled Task Wizard
Prohibit Drag-and-Drop
Prohibit Drag-and-Drop
Prevent Task Run or End
Prevent Task Run or End
Hide Property Pages
Hide Property Pages
Prohibit New Task Creation
Prohibit New Task Creation
Prohibit Task Deletion
Prohibit Task Deletion
Set ISATAP State
Set ISATAP Router Name
Set 6to4 State
Set 6to4 Relay Name
Set 6to4 Relay Name Resolution Interval
Set Teredo State
Set Teredo Server Name
Set Teredo Refresh Rate
Set Teredo Client Port
Set Teredo Default Qualified
Set IP-HTTPS State
Set Window Scaling Heuristics State
Set IP Stateless Autoconfiguration Limits State
Allow time zone redirection
Do not allow Clipboard redirection
Remove remote desktop wallpaper
Always show desktop on connection
Allow remote start of unlisted programs
Allow desktop composition for remote desktop sessions
Use RD Connection Broker load balancing
Redirect only the default client printer
Redirect only the default client printer
Set time limit for logoff of RemoteApp sessions
Set time limit for logoff of RemoteApp sessions
Do not allow font smoothing
Select the network adapter to be used for Remote Desktop IP Virtualization
Do not use Remote Desktop Session Host server IP address when virtual IP address is not available
Turn off Fair Share CPU Scheduling
Turn off Windows Installer RDS Compatibility
Turn on Remote Desktop IP Virtualization
Do not allow passwords to be saved
Do not allow passwords to be saved
Set client connection encryption level
Always prompt for password upon connection
Require use of specific security layer for remote (RDP) connections
Require user authentication for remote connections by using Network Level Authentication
Server authentication certificate template
Set RD Gateway authentication method
Enable connection through RD Gateway
Set RD Gateway server address
Automatic reconnection
Limit maximum color depth
Limit number of monitors
Allow users to connect remotely by using Remote Desktop Services
Limit maximum display resolution
Enforce Removal of Remote Desktop Wallpaper
Deny logoff of an administrator logged in to the console session
Configure keep-alive connection interval
Use the specified Remote Desktop license servers
Hide notifications about RD Licensing problems that affect the RD Session Host server
Set the Remote Desktop licensing mode
Limit number of connections
Remove "Disconnect" option from Shut Down dialog
Remove Windows Security item from Start menu
Suspend user sign-in to complete app registration
Set rules for remote control of Remote Desktop Services user sessions
Set rules for remote control of Remote Desktop Services user sessions
Restrict Remote Desktop Services users to a single Remote Desktop Services session
Start a program on connection
Start a program on connection
Do not allow local administrators to customize permissions
Always show desktop on connection
Set Remote Desktop Services User Home Directory
Set path for Remote Desktop Services Roaming User Profile
Use mandatory profiles on the RD Session Host server
Limit the size of the entire roaming user profile cache
License server security group
Prevent license upgrade
Allow audio and video playback redirection
Limit audio playback quality
Allow audio recording redirection
Do not allow Clipboard redirection
Do not allow COM port redirection
Do not set default client printer to be default printer in a session
Use Remote Desktop Easy Print printer driver first
Use Remote Desktop Easy Print printer driver first
Do not allow drive redirection
Do not allow LPT port redirection
Do not allow supported Plug and Play device redirection
Do not allow client printer redirection
Specify RD Session Host server fallback printer driver behavior
Do not allow smart card device redirection
Allow time zone redirection
Require secure RPC communication
Join RD Connection Broker
Configure RD Connection Broker farm name
Use IP Address Redirection
Configure RD Connection Broker server name
End session when time limits are reached
End session when time limits are reached
Set time limit for disconnected sessions
Set time limit for disconnected sessions
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Do not delete temp folders upon exit
Do not use temporary folders per session
Allow .rdp files from unknown publishers
Allow .rdp files from unknown publishers
Allow .rdp files from valid publishers and user's default .rdp settings
Allow .rdp files from valid publishers and user's default .rdp settings
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Prompt for credentials on the client computer
Configure server authentication for client
Configure image quality for RemoteFX Adaptive Graphics
Configure RemoteFX Adaptive Graphics
Configure compression for RemoteFX data
Use advanced RemoteFX graphics for RemoteApp
Configure H.264/AVC hardware encoding for Remote Desktop Connections
Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections
Do not allow hardware accelerated decoding
Optimize visual experience for Remote Desktop Service Sessions
Allow RDP redirection of other supported RemoteFX USB devices from this computer
Configure RemoteFX
Optimize visual experience when using RemoteFX
Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1
Specify default connection URL
Select network detection on the server
Select RDP transport protocols
Turn Off UDP On Client
Use the hardware default graphics adapter for all Remote Desktop Services sessions
Turn off the display of thumbnails and only display icons.
Turn off the display of thumbnails and only display icons on network folders
Turn off the caching of thumbnails in hidden thumbs.db files
Turn off Tablet PC touch input
Turn off Tablet PC touch input
Turn off Touch Panning
Turn off Touch Panning
Configure the level of TPM owner authorization information available to the operating system
Configure the list of blocked TPM commands
Ignore the default list of blocked TPM commands
Ignore the local list of blocked TPM commands
Standard User Lockout Duration
Standard User Individual Lockout Threshold
Standard User Total Lockout Threshold
Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.
Enable Device Health Attestation Monitoring and Reporting
Configure the system to clear the TPM if it is not in a ready state.
Enable UEV
Synchronization timeout
Synchronization timeout
Settings storage path
Settings storage path
Settings package size warning threshold
Settings package size warning threshold
Settings template catalog path
Internet Explorer Common Settings
Internet Explorer Common Settings
Internet Explorer 8
Internet Explorer 8
Internet Explorer 9
Internet Explorer 9
Internet Explorer 10
Internet Explorer 10
Internet Explorer 11
Internet Explorer 11
Calculator
Calculator
Notepad
Notepad
WordPad
WordPad
Microsoft Office 2016 Common Settings
Microsoft Office 2016 Common Settings
Microsoft Access 2016
Microsoft Access 2016
Microsoft Excel 2016
Microsoft Excel 2016
Microsoft Lync 2016
Microsoft Lync 2016
Microsoft Office 2016 Upload Center
Microsoft Office 2016 Upload Center
Microsoft OneDrive for Business 2016
Microsoft OneDrive for Business 2016
Microsoft OneNote 2016
Microsoft OneNote 2016
Microsoft Outlook 2016
Microsoft Outlook 2016
Microsoft PowerPoint 2016
Microsoft PowerPoint 2016
Microsoft Project 2016
Microsoft Project 2016
Microsoft Publisher 2016
Microsoft Publisher 2016
Microsoft Visio 2016
Microsoft Visio 2016
Microsoft Word 2016
Microsoft Word 2016
Common 2016 backup only
Common 2016 backup only
Access 2016 backup only
Access 2016 backup only
Excel 2016 backup only
Excel 2016 backup only
Lync 2016 backup only
Lync 2016 backup only
OneNote 2016 backup only
OneNote 2016 backup only
Outlook 2016 backup only
Outlook 2016 backup only
PowerPoint 2016 backup only
PowerPoint 2016 backup only
Project 2016 backup only
Project 2016 backup only
Publisher 2016 backup only
Publisher 2016 backup only
Visio 2016 backup only
Visio 2016 backup only
Word 2016 backup only
Word 2016 backup only
Microsoft Office 365 Common 2016
Microsoft Office 365 Common 2016
Microsoft Office 365 Access 2016
Microsoft Office 365 Access 2016
Microsoft Office 365 Excel 2016
Microsoft Office 365 Excel 2016
Microsoft Office 365 Lync 2016
Microsoft Office 365 Lync 2016
Microsoft Office 365 OneNote 2016
Microsoft Office 365 OneNote 2016
Microsoft Office 365 Outlook 2016
Microsoft Office 365 Outlook 2016
Microsoft Office 365 PowerPoint 2016
Microsoft Office 365 PowerPoint 2016
Microsoft Office 365 Project 2016
Microsoft Office 365 Project 2016
Microsoft Office 365 Publisher 2016
Microsoft Office 365 Publisher 2016
Microsoft Office 365 Visio 2016
Microsoft Office 365 Visio 2016
Microsoft Office 365 Word 2016
Microsoft Office 365 Word 2016
Microsoft Office 2013 Common Settings
Microsoft Office 2013 Common Settings
Microsoft Access 2013
Microsoft Access 2013
Microsoft Excel 2013
Microsoft Excel 2013
Microsoft InfoPath 2013
Microsoft InfoPath 2013
Microsoft Lync 2013
Microsoft Lync 2013
Microsoft Office 2013 Upload Center
Microsoft Office 2013 Upload Center
Microsoft OneDrive for Business 2013
Microsoft OneDrive for Business 2013
Microsoft OneNote 2013
Microsoft OneNote 2013
Microsoft Outlook 2013
Microsoft Outlook 2013
Microsoft PowerPoint 2013
Microsoft PowerPoint 2013
Microsoft Project 2013
Microsoft Project 2013
Microsoft Publisher 2013
Microsoft Publisher 2013
Microsoft SharePoint Designer 2013
Microsoft SharePoint Designer 2013
Microsoft Visio 2013
Microsoft Visio 2013
Microsoft Word 2013
Microsoft Word 2013
Common 2013 backup only
Common 2013 backup only
Access 2013 backup only
Access 2013 backup only
Excel 2013 backup only
Excel 2013 backup only
InfoPath 2013 backup only
InfoPath 2013 backup only
Lync 2013 backup only
Lync 2013 backup only
OneNote 2013 backup only
OneNote 2013 backup only
Outlook 2013 backup only
Outlook 2013 backup only
PowerPoint 2013 backup only
PowerPoint 2013 backup only
Project 2013 backup only
Project 2013 backup only
Publisher 2013 backup only
Publisher 2013 backup only
SharePoint Designer 2013 backup only
SharePoint Designer 2013 backup only
Visio 2013 backup only
Visio 2013 backup only
Word 2013 backup only
Word 2013 backup only
Microsoft Office 365 Common 2013
Microsoft Office 365 Common 2013
Microsoft Office 365 Access 2013
Microsoft Office 365 Access 2013
Microsoft Office 365 Excel 2013
Microsoft Office 365 Excel 2013
Microsoft Office 365 InfoPath 2013
Microsoft Office 365 InfoPath 2013
Microsoft Office 365 Lync 2013
Microsoft Office 365 Lync 2013
Microsoft Office 365 OneNote 2013
Microsoft Office 365 OneNote 2013
Microsoft Office 365 Outlook 2013
Microsoft Office 365 Outlook 2013
Microsoft Office 365 PowerPoint 2013
Microsoft Office 365 PowerPoint 2013
Microsoft Office 365 Project 2013
Microsoft Office 365 Project 2013
Microsoft Office 365 Publisher 2013
Microsoft Office 365 Publisher 2013
Microsoft Office 365 SharePoint Designer 2013
Microsoft Office 365 SharePoint Designer 2013
Microsoft Office 365 Visio 2013
Microsoft Office 365 Visio 2013
Microsoft Office 365 Word 2013
Microsoft Office 365 Word 2013
Microsoft Office 2010 Common Settings
Microsoft Office 2010 Common Settings
Microsoft Access 2010
Microsoft Access 2010
Microsoft Excel 2010
Microsoft Excel 2010
Microsoft InfoPath 2010
Microsoft InfoPath 2010
Microsoft OneNote 2010
Microsoft OneNote 2010
Microsoft Lync 2010
Microsoft Lync 2010
Microsoft Outlook 2010
Microsoft Outlook 2010
Microsoft PowerPoint 2010
Microsoft PowerPoint 2010
Microsoft Project 2010
Microsoft Project 2010
Microsoft Publisher 2010
Microsoft Publisher 2010
Microsoft SharePoint Workspace 2010
Microsoft SharePoint Workspace 2010
Microsoft SharePoint Designer 2010
Microsoft SharePoint Designer 2010
Microsoft Word 2010
Microsoft Word 2010
Microsoft Visio 2010
Microsoft Visio 2010
Finance
Finance
Maps
Maps
News
News
Sports
Sports
Travel
Travel
Weather
Weather
Reader
Reader
Games
Games
Music
Music
Video
Video
Synchronize Windows settings
Synchronize Windows settings
Use User Experience Virtualization (UE-V)
Use User Experience Virtualization (UE-V)
Configure Sync Method
Configure Sync Method
VDI Configuration
VDI Configuration
Do not synchronize Windows Apps
Do not synchronize Windows Apps
Tray Icon
First Use Notification
Sync Unlisted Windows Apps
Ping the settings storage location before sync
Ping the settings storage location before sync
Sync settings over metered connections
Sync settings over metered connections
Sync settings over metered connections even when roaming
Sync settings over metered connections even when roaming
Contact IT Link Text
Contact IT URL
Add the Administrators security group to roaming user profiles
Do not check for user ownership of Roaming Profile Folders
Connect home directory to root of the share
Delete cached copies of roaming profiles
Disable detection of slow network connections
Prompt user when a slow network connection is detected
Exclude directories in roaming profile
Leave Windows Installer and Group Policy Software Installation Data
Limit profile size
Only allow local user profiles
Establish timeout value for dialog boxes
Do not log users on with temporary profiles
Maximum retries to unload and update user profile
Prevent Roaming Profile changes from propagating to the server
Wait for remote user profile
Control slow network connection timeout for user profiles
Delete user profiles older than a specified number of days on system restart
Specify network directories to sync at logon/logoff time only
Do not forcefully unload the users registry at user logoff
Set maximum wait time for the network if a user has a roaming user profile or remote home directory
Set roaming profile path for all users logging onto this computer
Set the schedule for background upload of a roaming user profile's registry file while user is logged on
User management of sharing user name, account picture, and domain information with apps (not desktop apps)
Turn off the advertising ID
Download roaming profiles on primary computers only
Set user home folder
Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)
Choose default folder for recovery password
Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 200
Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
Prevent memory overwrite on restart
Disable new DMA devices when this computer is locked
Configure pre-boot recovery message and URL
Allow enhanced PINs for startup
Configure use of passwords for operating system drives
Reset platform validation data after BitLocker recovery
Disallow standard users from changing the PIN or password
Provide the unique identifiers for your organization
Validate smart card certificate usage rule compliance
Use enhanced Boot Configuration Data validation profile
Choose how BitLocker-protected operating system drives can be recovered
Enforce drive encryption type on operating system drives
Require additional authentication at startup (Windows Server 2008 and Windows Vista)
Require additional authentication at startup
Allow network unlock at startup
Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2)
Configure TPM platform validation profile for BIOS-based firmware configurations
Configure TPM platform validation profile for native UEFI firmware configurations
Configure minimum PIN length for startup
Configure use of hardware-based encryption for operating system drives
Enable use of BitLocker authentication requiring preboot keyboard input on slates
Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN.
Allow Secure Boot for integrity validation
Choose how BitLocker-protected fixed drives can be recovered
Configure use of passwords for fixed data drives
Deny write access to fixed drives not protected by BitLocker
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
Configure use of smart cards on fixed data drives
Enforce drive encryption type on fixed data drives
Configure use of hardware-based encryption for fixed data drives
Choose how BitLocker-protected removable drives can be recovered
Control use of BitLocker on removable drives
Configure use of passwords for removable data drives
Deny write access to removable drives not protected by BitLocker
Allow access to BitLocker-protected removable data drives from earlier versions of Windows
Configure use of smart cards on removable data drives
Enforce drive encryption type on removable data drives
Configure use of hardware-based encryption for removable data drives
Global Configuration Settings
Configure Windows NTP Client
Enable Windows NTP Client
Enable Windows NTP Server
Prohibit connection to non-domain networks when connected to domain authenticated network
Minimize the number of simultaneous connections to the Internet or a Windows Domain
Prohibit connection to roaming Mobile Broadband networks
Disable power management in connected standby mode
Diagnostics: Configure scenario retention
Diagnostics: Configure scenario execution level
Turn off Windows Calendar
Turn off Windows Calendar
Prevent the wizard from running.
Prevent the wizard from running.
Allow only system backup
Disallow locally attached storage as backup target
Disallow network as backup target
Disallow optical media as backup target
Disallow run-once backups
Prohibit installing or uninstalling color profiles
Prohibit installing or uninstalling color profiles
Prohibit access of the Windows Connect Now wizards
Prohibit access of the Windows Connect Now wizards
Configuration of wireless settings using Windows Connect Now
Turn off Auto Exclusions
Allow antimalware service to startup with normal priority
Turn off Windows Defender Antivirus
Configure local administrator merge behavior for lists
Turn off routine remediation
Define addresses to bypass proxy server
Define proxy auto-config (.pac) for connecting to the network
Define proxy server for connecting to the network
Randomize scheduled task times
Allow antimalware service to remain running always
Extension Exclusions
Path Exclusions
Process Exclusions
Turn on protocol recognition
Turn on definition retirement
Specify additional definition sets for network traffic inspection
Configure local setting override for the removal of items from Quarantine folder
Configure removal of items from Quarantine folder
Turn on behavior monitoring
Scan all downloaded files and attachments
Monitor file and program activity on your computer
Turn on raw volume write notifications
Turn off real-time protection
Turn on process scanning whenever real-time protection is enabled
Define the maximum size of downloaded files and attachments to be scanned
Configure local setting override for turn on behavior monitoring
Configure local setting override for monitoring file and program activity on your computer
Configure local setting override for scanning all downloaded files and attachments
Configure local setting override to turn on real-time protection
Configure local setting override for monitoring for incoming and outgoing file activity
Configure monitoring for incoming and outgoing file and program activity
Configure local setting override for the time of day to run a scheduled full scan to complete remediation
Specify the day of the week to run a scheduled full scan to complete remediation
Specify the time of day to run a scheduled full scan to complete remediation
Configure time out for detections requiring additional action
Configure time out for detections in critically failed state
Configure Watson events
Configure time out for detections in non-critical failed state
Configure time out for detections in recently remediated state
Configure Windows software trace preprocessor components
Configure WPP tracing level
Turn off enhanced notifications
Allow users to pause scan
Specify the maximum depth to scan archive files
Specify the maximum size of archive files to be scanned
Specify the maximum percentage of CPU utilization during a scan
Check for the latest virus and spyware definitions before running a scheduled scan
Scan archive files
Turn on catch-up full scan
Turn on catch-up quick scan
Turn on e-mail scanning
Turn on heuristics
Scan packed executables
Scan removable drives
Turn on reparse point scanning
Create a system restore point
Run full scan on mapped network drives
Scan network files
Configure local setting override for maximum percentage of CPU utilization
Configure local setting override for the scan type to use for a scheduled scan
Configure local setting override for schedule scan day
Configure local setting override for scheduled quick scan time
Configure local setting override for scheduled scan time
Turn on removal of items from scan history folder
Specify the interval to run quick scans per day
Start the scheduled scan only when computer is on but not in use
Specify the scan type to use for a scheduled scan
Specify the day of the week to run a scheduled scan
Specify the time for a daily quick scan
Specify the time of day to run a scheduled scan
Define the number of days after which a catch-up scan is forced
Define the number of days before spyware definitions are considered out of date
Define the number of days before virus definitions are considered out of date
Define file shares for downloading definition updates
Turn on scan after signature update
Allow definition updates when running on battery power
Initiate definition update on startup
Define the order of sources for downloading definition updates
Allow definition updates from Microsoft Update
Allow real-time definition updates based on reports to Microsoft MAPS
Specify the day of the week to check for definition updates
Specify the time to check for definition updates
Allow notifications to disable definitions based reports to Microsoft MAPS
Define the number of days after which a catch-up definition update is required
Specify the interval to check for definition updates
Check for the latest virus and spyware definitions on startup
Configure the 'Block at First Sight' feature
Configure local setting override for reporting to Microsoft MAPS
Join Microsoft MAPS
Send file samples when further analysis is required
Specify threats upon which default action should not be taken when detected
Specify threat alert levels at which default action should not be taken when detected
Enable headless UI mode
Suppresses reboot notifications
Suppress all notifications
Display additional text to clients when they need to perform an action
Select cloud protection level
Configure extended cloud check
Prevent users and apps from accessing dangerous websites
Configure Controlled folder access
Configure Attack Surface Reduction rules
Exclude files and paths from Attack Surface Reduction Rules
Configure allowed applications
Configure protected folders
Hide the Virus and threat protection area
Hide the Firewall and network protection area
Hide the App and browser protection area
Prevent users from modifying settings
Hide the Device performance and health area
Hide the Family options area
Hide all notifications
Hide non-critical notifications
Configure customized notifications
Configure customized contact information
Specify contact company name
Specify contact phone number or Skype ID
Specify contact email address or Email ID
Specify contact website
Hide the common dialog back button
Hide the dropdown list of recent files
Hide the common dialog places bar
Items displayed in Places Bar
Turn on Classic Shell
Display confirmation dialog when deleting files
Allow only per user or approved shell extensions
Do not track Shell shortcuts during roaming
Maximum number of recent documents
Turn off caching of thumbnail pictures
Remove CD Burning features
Remove UI to change menu animation setting
Remove UI to change keyboard navigation indicator setting
Remove DFS tab
Hide these specified drives in My Computer
No Entire Network in Network Locations
Remove File menu from File Explorer
Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon
Remove Hardware tab
Hides the Manage item on the File Explorer context menu
Remove Shared Documents from My Computer
Remove "Map Network Drive" and "Disconnect Network Drive"
Do not move deleted files to the Recycle Bin
Do not request alternate credentials
Remove Security tab
Remove Search button from File Explorer
Remove File Explorer's default context menu
Prevent access to drives from My Computer
Turn off Windows Key hotkeys
No Computers Near Me in Network Locations
Request credentials for network installations
Maximum allowed Recycle Bin size
Turn off shell protocol protected mode
Turn off shell protocol protected mode
Remove the Search the Internet "Search again" link
Pin Internet search sites to the "Search again" links and the Start menu
Pin Libraries or Search Connectors to the "Search again" links and the Start menu
Verify old and new Folder Redirection targets point to the same share before redirecting
Disable Known Folders
Turn off the display of snippets in Content view mode
Turn off Windows Libraries features that rely on indexed file data
Turn off display of recent search entries in the File Explorer search box
Disable binding directly to IPropertySetStorage without intermediate layers.
Disable binding directly to IPropertySetStorage without intermediate layers.
Turn off numerical sorting in File Explorer
Turn off numerical sorting in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Location where all default Library definition files for users/machines reside.
Location where all default Library definition files for users/machines reside.
Configure Windows Defender SmartScreen
Show lock in the user tile menu
Show sleep in the power options menu
Show hibernate in the power options menu
Do not show the 'new application installed' notification
Start File Explorer with ribbon minimized
Start File Explorer with ribbon minimized
Set a default associations configuration file
Allow the use of remote paths in file shortcut icons
Specify Windows File Protection cache location
Limit Windows File Protection cache size
Set Windows File Protection scanning
Hide the file scan progress window
Windows Defender Firewall: Allow authenticated IPsec bypass
Windows Defender Firewall: Define inbound program exceptions
Windows Defender Firewall: Allow local program exceptions
Windows Defender Firewall: Protect all network connections
Windows Defender Firewall: Do not allow exceptions
Windows Defender Firewall: Allow inbound file and printer sharing exception
Windows Defender Firewall: Allow ICMP exceptions
Windows Defender Firewall: Allow logging
Windows Defender Firewall: Prohibit notifications
Windows Defender Firewall: Define inbound port exceptions
Windows Defender Firewall: Allow local port exceptions
Windows Defender Firewall: Allow inbound remote administration exception
Windows Defender Firewall: Allow inbound Remote Desktop exceptions
Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests
Windows Defender Firewall: Allow inbound UPnP framework exceptions
Windows Defender Firewall: Define inbound program exceptions
Windows Defender Firewall: Allow local program exceptions
Windows Defender Firewall: Protect all network connections
Windows Defender Firewall: Do not allow exceptions
Windows Defender Firewall: Allow inbound file and printer sharing exception
Windows Defender Firewall: Allow ICMP exceptions
Windows Defender Firewall: Allow logging
Windows Defender Firewall: Prohibit notifications
Windows Defender Firewall: Define inbound port exceptions
Windows Defender Firewall: Allow local port exceptions
Windows Defender Firewall: Allow inbound remote administration exception
Windows Defender Firewall: Allow inbound Remote Desktop exceptions
Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests
Windows Defender Firewall: Allow inbound UPnP framework exceptions
Allow Windows Ink Workspace
Allow suggested apps in Windows Ink Workspace
Prevent Windows Media DRM Internet Access
Prevent Automatic Updates
Do Not Show First Use Dialog Boxes
Prevent Video Smoothing
Prevent CD and DVD Media Information Retrieval
Prevent Media Sharing
Prevent Music File Media Information Retrieval
Prevent Quick Launch Toolbar Shortcut Creation
Prevent Radio Station Preset Retrieval
Prevent Desktop Shortcut Creation
Allow Screen Saver
Prevent Codec Download
Do Not Show Anchor
Hide Privacy Tab
Hide Security Tab
Set and Lock Skin
Configure HTTP Proxy
Configure MMS Proxy
Configure RTSP Proxy
Hide Network Tab
Configure Network Buffering
Streaming Media Protocols
Do not automatically start Windows Messenger initially
Do not automatically start Windows Messenger initially
Do not allow Windows Messenger to be run
Do not allow Windows Messenger to be run
Allow Basic authentication
Allow unencrypted traffic
Disallow Digest authentication
Disallow Negotiate authentication
Disallow Kerberos authentication
Allow CredSSP authentication
Trusted Hosts
Allow remote server management through WinRM
Turn On Compatibility HTTP Listener
Turn On Compatibility HTTPS Listener
Allow Basic authentication
Allow unencrypted traffic
Disallow WinRM from storing RunAs credentials
Disallow Negotiate authentication
Disallow Kerberos authentication
Allow CredSSP authentication
Specify channel binding token hardening level
Allow Remote Shell Access
Specify idle Timeout
MaxConcurrentUsers
Specify maximum amount of memory in MB per Shell
Specify maximum number of processes per Shell
Specify Shell Timeout
Specify maximum number of remote shells per user
Turn off the Store application
Turn off the Store application
Turn off Automatic Download and Install of updates
Turn off Automatic Download of updates on Win8 machines
Turn off the offer to update to the latest version of Windows
Turn off the offer to update to the latest version of Windows
Disable all apps from Windows Store
Only display the private store within the Windows Store app
Only display the private store within the Windows Store app
Windows Automatic Updates
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Remove access to use all Windows Update features
Configure Automatic Updates
Specify intranet Microsoft update service location
Automatic Updates detection frequency
Allow non-administrators to receive update notifications
Allow Automatic Updates immediate installation
Turn on recommended updates via Automatic Updates
Turn on Software Notifications
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
No auto-restart with logged on users for scheduled automatic updates installations
Always automatically restart at the scheduled time
Re-prompt for restart with scheduled installations
Delay Restart for scheduled installations
Reschedule Automatic Updates scheduled installations
Enable client-side targeting
Allow signed updates from an intranet Microsoft update service location
Do not connect to any Windows Update Internet locations
Manage preview builds
Select when Preview Builds and Feature Updates are received
Select when Quality Updates are received
Do not include drivers with Windows Updates
Turn off auto-restart for updates during active hours
Specify deadline before auto-restart for update installation
Remove access to use all Windows Update features
Specify active hours range for auto-restarts
Configure auto-restart required notification for updates
Configure auto-restart reminder notifications for updates
Turn off auto-restart notifications for update installations
Configure auto-restart warning notifications schedule for updates
Specify Engaged restart transition and notification schedule for updates
Update Power Policy for Cart Restarts
Allow updates to be downloaded automatically over metered connections
Do not allow update deferral policies to cause scans against Windows Update
Turn off legacy remote shutdown interface
Timeout for hung logon sessions during shutdown
Require use of fast startup
Display information about previous logons during user logon
Remove logon hours expiration warnings
Set action to take when logon hours expire
Disable or enable software Secure Attention Sequence
Report when logon server was not available during user logon
Report when logon server was not available during user logon
Custom User Interface
Sign-in last interactive user automatically after a system-initiated restart
Turn off Automatic Download and Update of Map Data
Turn off unsolicited network traffic on the Offline Maps settings page
Turn off automatic termination of applications that block or cancel shutdown
Don't allow this PC to be projected to
Require pin for pairing
Set Cost
Require PIN pairing
Prefer PIN pairing
Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering
Custom Instant Search Internet search provider
Force automatic setup for all users
Specify Work Folders settings
Enables the use of Token Broker for AD FS authentication
Register domain joined computers as devices
Turn off tile notifications
Turn off toast notifications
Turn off toast notifications on the lock screen
Turn off notifications network usage
Turn off Quiet Hours
Set the time Quiet Hours begins each day
Set the time Quiet Hours ends each day
Turn off calls during Quiet Hours
Turn off notification mirroring
Set 3G Cost
Set 4G Cost
Set Per-App Cellular Access UI Visibility
Let Windows apps access cellular data
Scope
Machine
Machine
User
User
User
User
User
User
User
User
User
User
User
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
Machine
Machine
User
User
User
User
User
User
User
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
Machine
Machine
User
User
User
User
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
User
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
User
User
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
User
User
User
User
User
User
User
User
User
User
Machine
User
User
User
User
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
Machine
User
User
Machine
User
User
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
User
User
User
Machine
User
Machine
User
User
User
User
User
Machine
Machine
User
User
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
Machine
User
User
User
Machine
Machine
Machine
User
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
Machine
User
Machine
Machine
Machine
User
User
User
Machine
User
Machine
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
User
Machine
User
User
User
User
User
User
Machine
User
User
Machine
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
User
User
User
Machine
User
Machine
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
User
User
Machine
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
Machine
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
Machine
User
Machine
User
Machine
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
Machine
User
User
Machine
User
User
Machine
User
User
User
User
User
User
User
User
Machine
User
User
User
User
Machine
User
User
Machine
User
User
User
User
Machine
User
Machine
User
User
Machine
User
User
User
Machine
User
Machine
User
Machine
User
Machine
User
User
User
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
User
Machine
User
User
User
User
User
Machine
User
User
User
User
User
User
User
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
Machine
User
Machine
User
User
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
Machine
Machine
User
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
Machine
User
User
User
User
User
User
User
User
User
User
Machine
User
User
User
User
User
User
User
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
Machine
Machine
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
User
Machine
User
User
Machine
User
User
Machine
Machine
Machine
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
User
User
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
Machine
User
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
User
Machine
User
User
User
User
User
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
Machine
User
User
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
User
Machine
Machine
Machine
Machine
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
User
Machine
User
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
User
User
User
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
User
User
Machine
User
User
User
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
Machine
User
Machine
User
User
User
User
User
User
User
User
User
User
User
User
Machine
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
Machine
Machine
User
Machine
Machine
User
Machine
User
Machine
User
User
Machine
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
User
Machine
Machine
User
User
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
Machine
User
Machine
User
User
Machine
User
User
User
User
User
User
User
User
User
Machine
Machine
Machine
Machine
Policy Path
Windows Components\ActiveX Installer Service
Windows Components\ActiveX Installer Service
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Control Panel\Add or Remove Programs
Windows Components\Data Collection and Preview Builds
Windows Components\Application Compatibility
Windows Components\Application Compatibility
Windows Components\Application Compatibility
Windows Components\Application Compatibility
Windows Components\Application Compatibility
Windows Components\Application Compatibility
Windows Components\Application Compatibility
Windows Components\Application Compatibility
Windows Components\Application Compatibility
Windows Components\Windows Defender Application Guard
Windows Components\Windows Defender Application Guard
Windows Components\Windows Defender Application Guard
Windows Components\Windows Defender Application Guard
Windows Components\Windows Defender Application Guard
Windows Components\Windows Defender Application Guard
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
Windows Components\App Privacy
System\App-V
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Streaming
System\App-V\Reporting
System\App-V\Publishing
System\App-V\Publishing
System\App-V\Publishing
System\App-V\Publishing
System\App-V\Publishing
System\App-V\Publishing
System\App-V\Client Coexistence
System\App-V\Scripting
System\App-V\Integration
System\App-V\Integration
System\App-V\Integration
System\App-V\Integration
System\App-V\CEIP
System\App-V\Virtualization
System\App-V\Virtualization
System\App-V\PackageManagement
System\App-V\PowerManagement
Windows Components\App Package Deployment
Windows Components\App Package Deployment
Windows Components\App Package Deployment
Windows Components\App Package Deployment
Windows Components\App Package Deployment
Windows Components\App Package Deployment
Windows Components\App runtime
Windows Components\App runtime
Windows Components\App runtime
Windows Components\App runtime
Windows Components\App runtime
Windows Components\App runtime
Windows Components\App runtime
Windows Components\Attachment Manager
Windows Components\Attachment Manager
Windows Components\Attachment Manager
Windows Components\Attachment Manager
Windows Components\Attachment Manager
Windows Components\Attachment Manager
Windows Components\Attachment Manager
Windows Components\Attachment Manager
System\Audit Process Creation
Windows Components\AutoPlay Policies
Windows Components\AutoPlay Policies
Windows Components\AutoPlay Policies
Windows Components\AutoPlay Policies
Windows Components\AutoPlay Policies
Windows Components\AutoPlay Policies
Windows Components\AutoPlay Policies
Windows Components\AutoPlay Policies
Windows Components\Software Protection Platform
Windows Components\Software Protection Platform
Windows Components\Biometrics
Windows Components\Biometrics
Windows Components\Biometrics
Windows Components\Biometrics
Windows Components\Biometrics\Facial Features
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Network\Background Intelligent Transfer Service (BITS)
Windows Components\Camera
Windows Components\Windows Customer Experience Improvement Program
Windows Components\Windows Customer Experience Improvement Program
Network\SSL Configuration Settings
Network\SSL Configuration Settings
Windows Components\Cloud Content
Windows Components\Cloud Content
Windows Components\Cloud Content
Windows Components\Cloud Content
Windows Components\Cloud Content
Windows Components\Cloud Content
Windows Components\Cloud Content
Windows Components\Cloud Content
System
System
Windows Components\NetMeeting\Application Sharing
Windows Components\NetMeeting\Application Sharing
Windows Components\NetMeeting\Application Sharing
Windows Components\NetMeeting\Application Sharing
Windows Components\NetMeeting\Application Sharing
Windows Components\NetMeeting\Application Sharing
Windows Components\NetMeeting\Application Sharing
Windows Components\NetMeeting\Audio & Video
Windows Components\NetMeeting\Audio & Video
Windows Components\NetMeeting\Audio & Video
Windows Components\NetMeeting\Audio & Video
Windows Components\NetMeeting\Audio & Video
Windows Components\NetMeeting\Audio & Video
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting
Windows Components\NetMeeting\Options Page
Windows Components\NetMeeting\Options Page
Windows Components\NetMeeting\Options Page
Windows Components\NetMeeting\Options Page
Windows Components\NetMeeting\Options Page
Control Panel
Control Panel
Control Panel
Control Panel
Control Panel
Control Panel
Control Panel\Display
Control Panel\Display
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\Personalization
Control Panel\User Accounts
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
System\Credentials Delegation
Windows Components\Credential User Interface
Windows Components\Credential User Interface
Windows Components\Credential User Interface
Windows Components\Credential User Interface
System\Ctrl+Alt+Del Options
System\Ctrl+Alt+Del Options
System\Ctrl+Alt+Del Options
System\Ctrl+Alt+Del Options
Windows Components\Data Collection and Preview Builds
Windows Components\Data Collection and Preview Builds
Windows Components\Data Collection and Preview Builds
Windows Components\Data Collection and Preview Builds
Windows Components\Data Collection and Preview Builds
Windows Components\Data Collection and Preview Builds
Windows Components\Data Collection and Preview Builds
System\Distributed COM\Application Compatibility Settings
System\Distributed COM\Application Compatibility Settings
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Windows Components\Delivery Optimization
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Desktop
Desktop\Active Directory
Desktop\Active Directory
Desktop\Active Directory
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Desktop
Windows Components\Device and Driver Compatibility
Windows Components\Device and Driver Compatibility
Windows Components\Microsoft Secondary Authentication Factor
System\Device Guard
System\Device Guard
System\Device Installation
System\Device Installation
System\Device Installation
System\Device Installation
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Device Installation\Device Installation Restrictions
System\Driver Installation
System\Driver Installation
System\Device Installation
System\Device Installation
System\Device Installation
System\Driver Installation
System\Driver Installation
System\Driver Installation
System\Device Installation
System\Device Installation
System\Device Installation
Network
Windows Components\Digital Locker
Windows Components\Digital Locker
System\Troubleshooting and Diagnostics\Disk Diagnostic
System\Troubleshooting and Diagnostics\Disk Diagnostic
System\Disk NV Cache
System\Disk NV Cache
System\Disk NV Cache
System\Disk NV Cache
System\Disk Quotas
System\Disk Quotas
System\Disk Quotas
System\Disk Quotas
System\Disk Quotas
System\Disk Quotas
System\Display
System\Display
System
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Network\DNS Client
Windows Components\Desktop Window Manager
Windows Components\Desktop Window Manager
Windows Components\Desktop Window Manager
Windows Components\Desktop Window Manager
Windows Components\Desktop Window Manager
Windows Components\Desktop Window Manager\Window Frame Coloring
Windows Components\Desktop Window Manager\Window Frame Coloring
Windows Components\Desktop Window Manager\Window Frame Coloring
Windows Components\Desktop Window Manager\Window Frame Coloring
Windows Components\IME
Windows Components\IME
Windows Components\IME
Windows Components\IME
Windows Components\IME
Windows Components\IME
Windows Components\IME
Windows Components\IME
Windows Components\IME
Windows Components\IME
Windows Components\IME
System\Early Launch Antimalware
Windows Components\Edge UI
Windows Components\Edge UI
Windows Components\Edge UI
Windows Components\Edge UI
Windows Components\Edge UI
Windows Components\Edge UI
Windows Components\Edge UI
Windows Components\Edge UI
Windows Components\Edge UI
System
System\Enhanced Storage Access
System\Enhanced Storage Access
System\Enhanced Storage Access
System\Enhanced Storage Access
System\Enhanced Storage Access
System\Enhanced Storage Access
System\Enhanced Storage Access
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
Windows Components\Windows Error Reporting\Consent
Windows Components\Windows Error Reporting\Consent
Windows Components\Windows Error Reporting\Consent
Windows Components\Windows Error Reporting\Consent
Windows Components\Windows Error Reporting\Consent
Windows Components\Windows Error Reporting\Consent
Windows Components\Event Forwarding
Windows Components\Event Forwarding
Windows Components\Event Log Service\Application
Windows Components\Event Log Service\Application
Windows Components\Event Log Service\Application
Windows Components\Event Log Service\Application
Windows Components\Event Log Service\Application
Windows Components\Event Log Service\Application
Windows Components\Event Log Service\Security
Windows Components\Event Log Service\Security
Windows Components\Event Log Service\Security
Windows Components\Event Log Service\Security
Windows Components\Event Log Service\Security
Windows Components\Event Log Service\Security
Windows Components\Event Log Service\Setup
Windows Components\Event Log Service\Setup
Windows Components\Event Log Service\Setup
Windows Components\Event Log Service\Setup
Windows Components\Event Log Service\Setup
Windows Components\Event Log Service\Setup
Windows Components\Event Log Service\Setup
Windows Components\Event Log Service\System
Windows Components\Event Log Service\System
Windows Components\Event Log Service\System
Windows Components\Event Log Service\System
Windows Components\Event Log Service\System
Windows Components\Event Log Service\System
Windows Components\Event Logging
Windows Components\Event Viewer
Windows Components\Event Viewer
Windows Components\Event Viewer
Windows Components\Windows Defender Exploit Guard\Exploit Protection
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\Portable Operating System
Windows Components\Portable Operating System
Windows Components\Portable Operating System
Windows Components\Data Collection and Preview Builds
Windows Components\Microsoft FIDO Authentication
Windows Components\File History
System\Troubleshooting and Diagnostics\Corrupted File Recovery
Windows Components\File Revocation
System\File Share Shadow Copy Provider
System\Filesystem
System\Filesystem
System\Filesystem\NTFS
System\Filesystem\NTFS
System\Filesystem\NTFS
System\Filesystem\NTFS
System\Filesystem
System\Filesystem\NTFS
Windows Components\Find My Device
System\Folder Redirection
System\Folder Redirection
System\Folder Redirection
System\Folder Redirection
System\Folder Redirection
System\Folder Redirection
System\Folder Redirection
Windows Components\File Explorer\Explorer Frame Pane
Windows Components\File Explorer\Explorer Frame Pane
System\Troubleshooting and Diagnostics\Fault Tolerant Heap
Windows Components\Windows Game Recording and Broadcasting
Windows Components\Game Explorer
Windows Components\Game Explorer
Windows Components\Game Explorer
System\Locale Services
System\Locale Services
System\Locale Services
System\Locale Services
System\Locale Services
System\Locale Services
System\Locale Services
System\Locale Services
System\Locale Services
System\Locale Services
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
Control Panel\Regional and Language Options
System
Control Panel\Regional and Language Options\Handwriting personalization
Control Panel\Regional and Language Options\Handwriting personalization
System\Group Policy
System\Mitigation Options
System\Mitigation Options
System\Mitigation Options
Network\Fonts
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
System\Group Policy
System\Group Policy\Logging and tracing
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in exten
Windows Components\Handwriting
System
System
System
System
Windows Components\Online Assistance
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
Network\Hotspot Authentication
System\Internet Communication Management
System\Internet Communication Management
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
Windows Components\Internet Information Services
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Administrator Approved Controls
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Security Features
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Content Page
Windows Components\Internet Explorer\Internet Control Panel\Content Page
Windows Components\Internet Explorer\Internet Settings\AutoComplete
Windows Components\Internet Explorer\Internet Settings\AutoComplete
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Offline Pages
Windows Components\Internet Explorer\Corporate Settings\Code Download
Windows Components\Internet Explorer\Internet Settings\Display settings
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel\Advanced Page
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Control Panel
Windows Components\Internet Explorer\Internet Settings\URL Encoding
Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors
Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors
Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors
Windows Components\Internet Explorer\Internet Settings\Component Updates\Help Menu > About Internet Explorer
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Internet Connection Wizard Settings
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction
Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Windows Components\Internet Explorer\Security Features\Consistent Mime Handling
Windows Components\Internet Explorer\Security Features\Notification bar
Windows Components\Internet Explorer\Security Features\Notification bar
Windows Components\Internet Explorer\Security Features\Notification bar
Windows Components\Internet Explorer\Security Features\Notification bar
Windows Components\Internet Explorer\Security Features\Notification bar
Windows Components\Internet Explorer\Security Features\Notification bar
Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security
Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security
Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security
Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security
Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security
Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security
Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature
Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown
Windows Components\Internet Explorer\Security Features\Object Caching Protection
Windows Components\Internet Explorer\Security Features\Object Caching Protection
Windows Components\Internet Explorer\Security Features\Object Caching Protection
Windows Components\Internet Explorer\Security Features\Object Caching Protection
Windows Components\Internet Explorer\Security Features\Object Caching Protection
Windows Components\Internet Explorer\Security Features\Object Caching Protection
Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation
Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install
Windows Components\Internet Explorer\Security Features\Restrict File Download
Windows Components\Internet Explorer\Security Features\Restrict File Download
Windows Components\Internet Explorer\Security Features\Restrict File Download
Windows Components\Internet Explorer\Security Features\Restrict File Download
Windows Components\Internet Explorer\Security Features\Restrict File Download
Windows Components\Internet Explorer\Security Features\Restrict File Download
Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions
Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions
Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions
Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions
Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions
Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer\Security Features\Add-on Management
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer\Delete Browsing History
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Internet Settings\AutoComplete
Windows Components\Internet Explorer\Internet Settings\AutoComplete
Windows Components\Internet Explorer\Internet Settings\AutoComplete
Windows Components\Internet Explorer\Internet Settings\AutoComplete
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors
Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors
Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors
Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Browser menus
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia
Windows Components\Internet Explorer\Persistence Behavior
Windows Components\Internet Explorer\Persistence Behavior
Windows Components\Internet Explorer\Persistence Behavior
Windows Components\Internet Explorer\Persistence Behavior
Windows Components\Internet Explorer\Persistence Behavior
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Printing
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\RSS Feeds
Windows Components\Internet Explorer\Application Compatibility\Clipboard access
Windows Components\Internet Explorer\Application Compatibility\Clipboard access
Windows Components\Internet Explorer\Application Compatibility\Clipboard access
Windows Components\Internet Explorer\Application Compatibility\Clipboard access
Windows Components\Internet Explorer\Application Compatibility\Clipboard access
Windows Components\Internet Explorer\Application Compatibility\Clipboard access
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features
Windows Components\Internet Explorer\Security Features
Windows Components\Internet Explorer\Security Features
Windows Components\Internet Explorer\Security Features
Windows Components\Internet Explorer\Security Features
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Security Features\AJAX
Windows Components\Internet Explorer\Internet Settings\Advanced settings\Signup Settings
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Toolbars
Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explore
Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explore
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Privacy
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Accelerators
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer\Compatibility View
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History
Windows Components\Internet Explorer\Internet Control Panel\General Page
Windows Components\Internet Explorer\Internet Control Panel\General Page
Windows Components\Internet Explorer\Internet Settings
Windows Components\Internet Explorer\Internet Settings
Windows Components\Internet Explorer\Internet Settings
Windows Components\Internet Explorer\Internet Settings
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
Windows Components\Internet Explorer
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
System\iSCSI\iSCSI Target Discovery
System\iSCSI\iSCSI Target Discovery
System\iSCSI\iSCSI Target Discovery
System\iSCSI\iSCSI Target Discovery
System\iSCSI\General iSCSI
System\iSCSI\General iSCSI
System\iSCSI\iSCSI Security
System\iSCSI\iSCSI Security
System\iSCSI\iSCSI Security
System\iSCSI\iSCSI Security
System\KDC
System\KDC
System\KDC
System\KDC
System\KDC
System\KDC
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
System\Kerberos
Network\Lanman Server
Network\Lanman Server
Network\Lanman Server
Network\Lanman Server
Network\Lanman Workstation
Network\Lanman Workstation
Network\Lanman Workstation
Network\Lanman Workstation
System\Troubleshooting and Diagnostics\Windows Memory Leak Diagnosis
Network\Link-Layer Topology Discovery
Network\Link-Layer Topology Discovery
Windows Components\Location and Sensors\Windows Location Provider
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System
System
System
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
System\Logon
Windows Components\MDM
Windows Components\MDM
Windows Components\Messaging
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Edge
Windows Components\Microsoft Management Console
Windows Components\Microsoft Management Console
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in exte
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy sn
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins
Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins
Windows Components\Windows Mobility Center
Windows Components\Windows Mobility Center
Windows Components\Presentation Settings
Windows Components\Presentation Settings
Windows Components\Microsoft account
Windows Components\Maintenance Scheduler
Windows Components\Maintenance Scheduler
Windows Components\Maintenance Scheduler
System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool
System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool
System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool
System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Windows Components\Windows Installer
Network\DirectAccess Client Experience Settings
Network\DirectAccess Client Experience Settings
Network\DirectAccess Client Experience Settings
Network\DirectAccess Client Experience Settings
Network\DirectAccess Client Experience Settings
Network\DirectAccess Client Experience Settings
Network\DirectAccess Client Experience Settings
Network\DirectAccess Client Experience Settings
Network\Network Connectivity Status Indicator
Network\Network Connectivity Status Indicator
Network\Network Connectivity Status Indicator
Network\Network Connectivity Status Indicator
Network\Network Connectivity Status Indicator
Network\Network Connectivity Status Indicator
Network\Network Connectivity Status Indicator
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon\DC Locator DNS Records
System\Net Logon
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Connections
Network\Network Isolation
Network\Network Isolation
Network\Network Isolation
Network\Network Isolation
Network\Network Isolation
Network\Network Isolation
Network\Network Isolation
Network\Network Provider
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
Network\Offline Files
System\OS Policies
System\OS Policies
Network\Microsoft Peer-to-Peer Networking Services
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds
Network\Microsoft Peer-to-Peer Networking Services
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business\Phone Sign-in
System\PIN Complexity
System\PIN Complexity
System\PIN Complexity
System\PIN Complexity
System\PIN Complexity
System\PIN Complexity
System\PIN Complexity
System\PIN Complexity
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
Windows Components\Windows Hello for Business
System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics
System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics
System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics
System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics
System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics
System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics
System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Network\BranchCache
Windows Components\Tablet PC\Tablet PC Pen Training
Windows Components\Tablet PC\Tablet PC Pen Training
System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics
System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics
System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics
System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics
System\Troubleshooting and Diagnostics\Windows Performance PerfTrack
System\Power Management\Notification Settings
System\Power Management\Notification Settings
System\Power Management\Notification Settings
System\Power Management\Notification Settings
System\Power Management\Notification Settings
System\Power Management\Button Settings
System\Power Management\Button Settings
System\Power Management\Button Settings
System\Power Management\Button Settings
System\Power Management\Button Settings
System\Power Management\Button Settings
System\Power Management\Button Settings
System\Power Management\Button Settings
System\Power Management\Hard Disk Settings
System\Power Management\Hard Disk Settings
System\Power Management
System\Power Management
System\Power Management
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Video and Display Settings
System\Power Management\Video and Display Settings
System\Power Management\Video and Display Settings
System\Power Management\Video and Display Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Video and Display Settings
System\Power Management\Video and Display Settings
System\Power Management\Video and Display Settings
System\Power Management\Video and Display Settings
System\Power Management\Video and Display Settings
System\Power Management\Video and Display Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Notification Settings
System\Power Management\Energy Saver Settings
System\Power Management\Energy Saver Settings
System\Power Management\Sleep Settings
System\Power Management\Sleep Settings
System\Power Management\Power Throttling Settings
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\Windows PowerShell
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Windows Components\File Explorer\Previous Versions
Printers
Printers
Printers
Printers
Control Panel\Printers
Printers
Printers
Control Panel\Printers
Printers
Control Panel\Printers
Control Panel\Printers
Printers
Control Panel\Printers
Control Panel\Printers
Printers
Printers
Printers
Printers
Control Panel\Printers
Printers
Control Panel\Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Control Panel\Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Printers
Control Panel\Programs
Control Panel\Programs
Control Panel\Programs
Control Panel\Programs
Control Panel\Programs
Control Panel\Programs
Control Panel\Programs
Windows Components\Push To Install
Network\QoS Packet Scheduler\DSCP value of conforming packets
Network\QoS Packet Scheduler\DSCP value of conforming packets
Network\QoS Packet Scheduler\DSCP value of conforming packets
Network\QoS Packet Scheduler\DSCP value of conforming packets
Network\QoS Packet Scheduler\DSCP value of conforming packets
Network\QoS Packet Scheduler\DSCP value of non-conforming packets
Network\QoS Packet Scheduler\DSCP value of non-conforming packets
Network\QoS Packet Scheduler\DSCP value of non-conforming packets
Network\QoS Packet Scheduler\DSCP value of non-conforming packets
Network\QoS Packet Scheduler\DSCP value of non-conforming packets
Network\QoS Packet Scheduler
Network\QoS Packet Scheduler
Network\QoS Packet Scheduler
Network\QoS Packet Scheduler\Layer-2 priority value
Network\QoS Packet Scheduler\Layer-2 priority value
Network\QoS Packet Scheduler\Layer-2 priority value
Network\QoS Packet Scheduler\Layer-2 priority value
Network\QoS Packet Scheduler\Layer-2 priority value
Network\QoS Packet Scheduler\Layer-2 priority value
Windows Components\Windows Reliability Analysis
System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution
System\Recovery
System
Windows Components\Windows Error Reporting\Advanced Error Reporting Settings
System
System
System\Remote Assistance
System\Remote Assistance
System\Remote Assistance
System\Remote Assistance
System\Remote Assistance
System\Remote Assistance
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Removable Storage Access
System\Remote Procedure Call
System\Remote Procedure Call
System\Remote Procedure Call
System\Remote Procedure Call
System\Remote Procedure Call
System\Remote Procedure Call
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Scripts
System\Troubleshooting and Diagnostics\Scripted Diagnostics
System\Troubleshooting and Diagnostics\Scripted Diagnostics
System\Troubleshooting and Diagnostics\Scripted Diagnostics
System\Troubleshooting and Diagnostics\Scheduled Maintenance
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Search
Windows Components\Security Center
Windows Components\Location and Sensors
Windows Components\Location and Sensors
Windows Components\Location and Sensors
Windows Components\Location and Sensors
Windows Components\Location and Sensors
Windows Components\Location and Sensors
System\Server Manager
System\Server Manager
System\Server Manager
System
System
Windows Components\Sync your settings
Windows Components\Sync your settings
Windows Components\Sync your settings
Windows Components\Sync your settings
Windows Components\Sync your settings
Windows Components\Sync your settings
Windows Components\Sync your settings
Windows Components\Sync your settings
Windows Components\Sync your settings
Windows Components\Sync your settings
System
System
System\Internet Communication Management\Internet Communication settings
System\Internet Communication Management\Internet Communication settings
Shared Folders
Shared Folders
Windows Components\Network Sharing
Windows Components\HomeGroup
System
System
System
System
Windows Components\File Explorer
Windows Components\Desktop Gadgets
Windows Components\Desktop Gadgets
Windows Components\Desktop Gadgets
Windows Components\Desktop Gadgets
Windows Components\Desktop Gadgets
Windows Components\Desktop Gadgets
Windows Components\OneDrive
Windows Components\OneDrive
Windows Components\OneDrive
Windows Components\OneDrive
Windows Components\OneDrive
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Smart Card
Windows Components\Windows Defender SmartScreen\Explorer
Windows Components\Windows Defender SmartScreen\Explorer
Windows Components\Windows Defender SmartScreen\Microsoft Edge
Windows Components\Windows Defender SmartScreen\Microsoft Edge
Windows Components\Windows Defender SmartScreen\Microsoft Edge
Windows Components\Windows Defender SmartScreen\Microsoft Edge
Network\SNMP
Network\SNMP
Network\SNMP
Windows Components\Sound Recorder
Windows Components\Sound Recorder
Windows Components\Speech
System\File Classification Infrastructure
System\File Classification Infrastructure
System\Access-Denied Assistance
System\Access-Denied Assistance
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
System\Storage Health
System\System Restore
System\System Restore
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Input Panel
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Accessories
Windows Components\Tablet PC\Cursors
Windows Components\Tablet PC\Cursors
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Hardware Buttons
Windows Components\Tablet PC\Pen Flicks Learning
Windows Components\Tablet PC\Pen Flicks Learning
Windows Components\Tablet PC\Pen UX Behaviors
Windows Components\Tablet PC\Pen UX Behaviors
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Start Menu and Taskbar
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Windows Components\Task Scheduler
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\IPv6 Transition Technologies
Network\TCPIP Settings\Parameters
Network\TCPIP Settings\Parameters
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Windows Components\Remote Desktop Services\RD Gateway
Windows Components\Remote Desktop Services\RD Gateway
Windows Components\Remote Desktop Services\RD Gateway
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles
Windows Components\Remote Desktop Services\RD Licensing
Windows Components\Remote Desktop Services\RD Licensing
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker
Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker
Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker
Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for W
Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for W
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for W
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\Remote Desktop Services\RemoteApp and Desktop Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections
Windows Components\Remote Desktop Services\Remote Desktop Connection Client
Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\Tablet PC\Touch Input
Windows Components\Tablet PC\Touch Input
Windows Components\Tablet PC\Touch Input
Windows Components\Tablet PC\Touch Input
System\Trusted Platform Module Services
System\Trusted Platform Module Services
System\Trusted Platform Module Services
System\Trusted Platform Module Services
System\Trusted Platform Module Services
System\Trusted Platform Module Services
System\Trusted Platform Module Services
System\Trusted Platform Module Services
System\Device Health Attestation Service
System\Trusted Platform Module Services
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Applications
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization\Windows Apps
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
Windows Components\Microsoft User Experience Virtualization
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
System\User Profiles
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Operating System Drives
Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Windows Components\BitLocker Drive Encryption\Fixed Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
Windows Components\BitLocker Drive Encryption\Removable Data Drives
System\Windows Time Service
System\Windows Time Service\Time Providers
System\Windows Time Service\Time Providers
System\Windows Time Service\Time Providers
Network\Windows Connection Manager
Network\Windows Connection Manager
Network\Windows Connection Manager
Network\Windows Connection Manager
System\Troubleshooting and Diagnostics
System\Troubleshooting and Diagnostics
Windows Components\Windows Calendar
Windows Components\Windows Calendar
Windows Components\Add features to Windows 10
Windows Components\Add features to Windows 10
Server
Server
Server
Server
Server
Windows Components\Windows Color System
Windows Components\Windows Color System
Network\Windows Connect Now
Network\Windows Connect Now
Network\Windows Connect Now
Windows Components\Windows Defender Antivirus\Exclusions
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus
Windows Components\Windows Defender Antivirus\Exclusions
Windows Components\Windows Defender Antivirus\Exclusions
Windows Components\Windows Defender Antivirus\Exclusions
Windows Components\Windows Defender Antivirus\Network Inspection System
Windows Components\Windows Defender Antivirus\Network Inspection System
Windows Components\Windows Defender Antivirus\Network Inspection System
Windows Components\Windows Defender Antivirus\Quarantine
Windows Components\Windows Defender Antivirus\Quarantine
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Real-time Protection
Windows Components\Windows Defender Antivirus\Remediation
Windows Components\Windows Defender Antivirus\Remediation
Windows Components\Windows Defender Antivirus\Remediation
Windows Components\Windows Defender Antivirus\Reporting
Windows Components\Windows Defender Antivirus\Reporting
Windows Components\Windows Defender Antivirus\Reporting
Windows Components\Windows Defender Antivirus\Reporting
Windows Components\Windows Defender Antivirus\Reporting
Windows Components\Windows Defender Antivirus\Reporting
Windows Components\Windows Defender Antivirus\Reporting
Windows Components\Windows Defender Antivirus\Reporting
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Scan
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\Signature Updates
Windows Components\Windows Defender Antivirus\MAPS
Windows Components\Windows Defender Antivirus\MAPS
Windows Components\Windows Defender Antivirus\MAPS
Windows Components\Windows Defender Antivirus\MAPS
Windows Components\Windows Defender Antivirus\Threats
Windows Components\Windows Defender Antivirus\Threats
Windows Components\Windows Defender Antivirus\Client Interface
Windows Components\Windows Defender Antivirus\Client Interface
Windows Components\Windows Defender Antivirus\Client Interface
Windows Components\Windows Defender Antivirus\Client Interface
Windows Components\Windows Defender Antivirus\MpEngine
Windows Components\Windows Defender Antivirus\MpEngine
Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Network Protection
Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access
Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction
Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Attack Surface Reduction
Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access
Windows Components\Windows Defender Antivirus\Windows Defender Exploit Guard\Controlled Folder Access
Windows Components\Windows Defender Security Center\Virus and threat protection
Windows Components\Windows Defender Security Center\Firewall and network protection
Windows Components\Windows Defender Security Center\App and browser protection
Windows Components\Windows Defender Security Center\App and browser protection
Windows Components\Windows Defender Security Center\Device performance and health
Windows Components\Windows Defender Security Center\Family options
Windows Components\Windows Defender Security Center\Notifications
Windows Components\Windows Defender Security Center\Notifications
Windows Components\Windows Defender Security Center\Enterprise Customization
Windows Components\Windows Defender Security Center\Enterprise Customization
Windows Components\Windows Defender Security Center\Enterprise Customization
Windows Components\Windows Defender Security Center\Enterprise Customization
Windows Components\Windows Defender Security Center\Enterprise Customization
Windows Components\Windows Defender Security Center\Enterprise Customization
Windows Components\File Explorer\Common Open File Dialog
Windows Components\File Explorer\Common Open File Dialog
Windows Components\File Explorer\Common Open File Dialog
Windows Components\File Explorer\Common Open File Dialog
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
Windows Components\File Explorer
System\Windows File Protection
System\Windows File Protection
System\Windows File Protection
System\Windows File Protection
Network\Network Connections\Windows Defender Firewall
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Domain Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Network\Network Connections\Windows Defender Firewall\Standard Profile
Windows Components\Windows Ink Workspace
Windows Components\Windows Ink Workspace
Windows Components\Windows Media Digital Rights Management
Windows Components\Windows Media Player
Windows Components\Windows Media Player
Windows Components\Windows Media Player
Windows Components\Windows Media Player
Windows Components\Windows Media Player
Windows Components\Windows Media Player
Windows Components\Windows Media Player
Windows Components\Windows Media Player
Windows Components\Windows Media Player
Windows Components\Windows Media Player\Playback
Windows Components\Windows Media Player\Playback
Windows Components\Windows Media Player\User Interface
Windows Components\Windows Media Player\User Interface
Windows Components\Windows Media Player\User Interface
Windows Components\Windows Media Player\User Interface
Windows Components\Windows Media Player\Networking
Windows Components\Windows Media Player\Networking
Windows Components\Windows Media Player\Networking
Windows Components\Windows Media Player\Networking
Windows Components\Windows Media Player\Networking
Windows Components\Windows Media Player\Networking
Windows Components\Windows Messenger
Windows Components\Windows Messenger
Windows Components\Windows Messenger
Windows Components\Windows Messenger
Windows Components\Windows Remote Management (WinRM)\WinRM Client
Windows Components\Windows Remote Management (WinRM)\WinRM Client
Windows Components\Windows Remote Management (WinRM)\WinRM Client
Windows Components\Windows Remote Management (WinRM)\WinRM Client
Windows Components\Windows Remote Management (WinRM)\WinRM Client
Windows Components\Windows Remote Management (WinRM)\WinRM Client
Windows Components\Windows Remote Management (WinRM)\WinRM Client
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Management (WinRM)\WinRM Service
Windows Components\Windows Remote Shell
Windows Components\Windows Remote Shell
Windows Components\Windows Remote Shell
Windows Components\Windows Remote Shell
Windows Components\Windows Remote Shell
Windows Components\Windows Remote Shell
Windows Components\Windows Remote Shell
Windows Components\Store
Windows Components\Store
Windows Components\Store
Windows Components\Store
Windows Components\Store
Windows Components\Store
Windows Components\Store
Windows Components\Store
Windows Components\Store
System
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update\Windows Update for Business
Windows Components\Windows Update\Windows Update for Business
Windows Components\Windows Update\Windows Update for Business
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Windows Update
Windows Components\Shutdown Options
Windows Components\Shutdown Options
System\Shutdown
Windows Components\Windows Logon Options
Windows Components\Windows Logon Options
Windows Components\Windows Logon Options
Windows Components\Windows Logon Options
Windows Components\Windows Logon Options
Windows Components\Windows Logon Options
System
Windows Components\Windows Logon Options
Windows Components\Maps
Windows Components\Maps
System\Shutdown Options
Windows Components\Connect
Windows Components\Connect
Network\WLAN Service\WLAN Media Cost
Network\Wireless Display
Network\Wireless Display
Network\WLAN Service\WLAN Settings
Windows Components\Instant Search
Windows Components\Work Folders
Windows Components\Work Folders
Windows Components\Work Folders
Windows Components\Device Registration
Start Menu and Taskbar\Notifications
Start Menu and Taskbar\Notifications
Start Menu and Taskbar\Notifications
Start Menu and Taskbar\Notifications
Start Menu and Taskbar\Notifications
Start Menu and Taskbar\Notifications
Start Menu and Taskbar\Notifications
Start Menu and Taskbar\Notifications
Start Menu and Taskbar\Notifications
Network\WWAN Service\WWAN Media Cost
Network\WWAN Service\WWAN Media Cost
Network\WWAN Service\WWAN UI Settings
Network\WWAN Service\Cellular Data Access
Registry Information
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller!ApprovedList HKLM\SOFTWARE\Policies\Microsoft\Windows\AxIn
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallTrustedOCX HKLM\SOFTWARE\Policies
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!DefaultCategory
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromCDorFloppy
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromInternet
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromNetwork
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddRemovePrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoChooseProgramsPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoRemovePage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoSupportInfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoWindowsSetupPage
HKLM\Software\Policies\Microsoft\Windows\PreviewBuilds!AllowBuildPreview
HKLM\Software\Policies\Microsoft\Windows\AppCompat!VDMDisallowed
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePropPage
HKLM\Software\Policies\Microsoft\Windows\AppCompat!AITEnable
HKLM\Software\Policies\Microsoft\Windows\AppCompat!SbEnable
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableEngine
HKCU\Software\Policies\Microsoft\Windows\AppCompat!DisablePCA
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePCA
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableUAR
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableInventory
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!AllowAppHVSI_ProviderSet
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!AppHVSIClipboardSettings HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!App
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!AppHVSIPrintingSettings
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!BlockNonEnterpriseContent
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!AllowPersistence
HKLM\SOFTWARE\Policies\Microsoft\AppHVSI!AuditApplicationGuard
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessAccountInfo HKLM\Software\Policies\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCalendar HKLM\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCallHistory HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessCamera HKLM\Software\Policies\Microsoft\Windows
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessContacts HKLM\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessEmail HKLM\Software\Policies\Microsoft\Windows\A
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessLocation HKLM\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMessaging HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMicrophone HKLM\Software\Policies\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessMotion HKLM\Software\Policies\Microsoft\Windows\
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessNotifications HKLM\Software\Policies\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessPhone HKLM\Software\Policies\Microsoft\Windows\A
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessRadios HKLM\Software\Policies\Microsoft\Windows\
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsSyncWithDevices HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTasks HKLM\Software\Policies\Microsoft\Windows\A
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsAccessTrustedDevices HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsRunInBackground HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\Windows\AppPrivacy!LetAppsGetDiagnosticInfo HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\AppV\Client!Enabled
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!PackageInstallationRoot
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!Autoload
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!PackageSourceRoot
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!ReestablishmentRetries
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!ReestablishmentInterval
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!LocationProvider
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!CertFilterForClientSsl
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!VerifyCertificateRevocationList
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!SharedContentStoreMode
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!AllowHighCostLaunch
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!RequirePublishAsAdmin
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Streaming!SupportBranchCache
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Reporting!ReportingEnabled HKLM\SOFTWARE\Policies\Microsoft\AppV\C
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Publishing\Servers\1!Name HKLM\SOFTWARE\Policies\Microsoft\AppV\Cli
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Publishing\Servers\2!Name HKLM\SOFTWARE\Policies\Microsoft\AppV\Cli
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Publishing\Servers\3!Name HKLM\SOFTWARE\Policies\Microsoft\AppV\Cli
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Publishing\Servers\4!Name HKLM\SOFTWARE\Policies\Microsoft\AppV\Cli
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Publishing\Servers\5!Name HKLM\SOFTWARE\Policies\Microsoft\AppV\Cli
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Publishing!EnablePublishingRefreshUI
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Coexistence!MigrationMode
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Scripting!EnablePackageScripts
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Integration!RoamingFileExclusions
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Integration!RoamingRegistryExclusions
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Integration!IntegrationRootUser
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Integration!IntegrationRootGlobal
HKLM\SOFTWARE\Policies\Microsoft\AppV\CEIP!CEIPEnable
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Virtualization!ProcessesUsingVirtualComponents HKLM\SOFTWARE\Policie
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\Virtualization!EnableDynamicVirtualization
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\PackageManagement!AutoCleanupEnabled
HKLM\SOFTWARE\Policies\Microsoft\AppV\Client\PowerManagement!SyncOnBatteriesEnabled
HKLM\Software\Policies\Microsoft\Windows\Appx!AllowAllTrustedApps
HKLM\Software\Policies\Microsoft\Windows\Appx!AllowDeploymentInSpecialProfiles
HKLM\Software\Policies\Microsoft\Windows\Appx!AllowDevelopmentWithoutDevLicense
HKLM\Software\Policies\Microsoft\Windows\Appx!RestrictAppToSystemVolume
HKLM\Software\Policies\Microsoft\Windows\Appx!RestrictAppDataToSystemVolume
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\AppModel\StateManager!AllowSharedLocalAppData
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockProtocolElevation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockProtocolElevation
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!MSAOptional
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Packages\Applications!EnableDynamicContentUriRules HKLM\So
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!BlockHostedAppAccessWinRT
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!ScanWithAntiVirus
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!UseTrustedHandlers
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!SaveZoneInformation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!HideZoneInfoOnProperties
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!DefaultFileTypeRisk
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!HighRiskFileTypes
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!LowRiskFileTypes
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!ModRiskFileTypes
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Audit!ProcessCreationIncludeCmdLine_Enabled
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DontSetAutoplayCheckbox
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DontSetAutoplayCheckbox
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoAutoplayfornonVolume
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoAutoplayfornonVolume
HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform!NoGenTicket
HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform!AllowWindowsEntitlementReac
HKLM\SOFTWARE\Policies\Microsoft\Biometrics!Enabled
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Enabled
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Domain Accounts
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!SwitchTimeoutInSeconds
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures!EnhancedAntiSpoofing
HKLM\Software\Policies\Microsoft\Windows\BITS!JobInactivityTimeout
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxDownloadTime
HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth HKLM\Software\Policies\Microsoft\Windows\BI
HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableBandwidthLimits HKLM\Software\Policies\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableMaintenanceLimits HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\BITS!EnablePeercaching
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxContentAge
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxCacheSize
HKLM\Software\Policies\Microsoft\Windows\BITS!DisablePeerCachingClient
HKLM\Software\Policies\Microsoft\Windows\BITS!DisablePeerCachingServer
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthServed
HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicy HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxJobsPerMachine
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxJobsPerUser
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxFilesPerJob
HKLM\Software\Policies\Microsoft\Windows\BITS!MaxRangesPerFile
HKLM\Software\Policies\Microsoft\Windows\BITS!DisableBranchCache
HKLM\software\Policies\Microsoft\Camera!AllowCamera
HKLM\Software\Policies\Microsoft\SQMClient!CorporateSQMURL
HKLM\Software\Policies\Microsoft\SQMClient\Windows!StudyId HKLM\Software\Policies\Microsoft\SQMClient\Windows!Stu
HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002!Functions
HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002!EccCurves
HKCU\Software\Policies\Microsoft\Windows\CloudContent!ConfigureWindowsSpotlight HKCU\Software\Policies\Microsoft\W
HKCU\Software\Policies\Microsoft\Windows\CloudContent!DisableWindowsSpotlightFeatures
HKCU\Software\Policies\Microsoft\Windows\CloudContent!DisableTailoredExperiencesWithDiagnosticData
HKLM\Software\Policies\Microsoft\Windows\CloudContent!DisableWindowsConsumerFeatures
HKLM\Software\Policies\Microsoft\Windows\CloudContent!DisableSoftLanding
HKCU\Software\Policies\Microsoft\Windows\CloudContent!DisableThirdPartySuggestions
HKCU\Software\Policies\Microsoft\Windows\CloudContent!DisableWindowsSpotlightOnActionCenter
HKCU\Software\Policies\Microsoft\Windows\CloudContent!DisableWindowsSpotlightWindowsWelcomeExperience
HKCU\Software\Policies\Microsoft\Windows\App Management!COMClassStore
HKLM\Software\Policies\Microsoft\Windows\App Management!COMClassStore
HKCU\Software\Policies\Microsoft\Conferencing!NoAppSharing
HKCU\Software\Policies\Microsoft\Conferencing!NoAllowControl
HKCU\Software\Policies\Microsoft\Conferencing!NoSharing
HKCU\Software\Policies\Microsoft\Conferencing!NoSharingDosWindows
HKCU\Software\Policies\Microsoft\Conferencing!NoSharingDesktop
HKCU\Software\Policies\Microsoft\Conferencing!NoSharingExplorer
HKCU\Software\Policies\Microsoft\Conferencing!NoTrueColorSharing
HKCU\Software\Policies\Microsoft\Conferencing!NoAudio
HKCU\Software\Policies\Microsoft\Conferencing!NoChangeDirectSound
HKCU\Software\Policies\Microsoft\Conferencing!NoFullDuplex
HKCU\Software\Policies\Microsoft\Conferencing!NoReceivingVideo
HKCU\Software\Policies\Microsoft\Conferencing!NoSendingVideo
HKCU\Software\Policies\Microsoft\Conferencing!MaximumBandwidth
HKCU\Software\Policies\Microsoft\Conferencing!PersistAutoAcceptCalls
HKCU\Software\Policies\Microsoft\Conferencing!NoChat
HKCU\Software\Policies\Microsoft\Conferencing!NoNewWhiteBoard
HKCU\Software\Policies\Microsoft\Conferencing!NoOldWhiteBoard
HKLM\Software\Policies\Microsoft\Conferencing!NoRDS
HKCU\Software\Policies\Microsoft\Conferencing!Use AutoConfig HKCU\Software\Policies\Microsoft\Conferencing!ConfigFile
HKCU\Software\Policies\Microsoft\Conferencing!NoAddingDirectoryServers
HKCU\Software\Policies\Microsoft\Conferencing!NoAutoAcceptCalls
HKCU\Software\Policies\Microsoft\Conferencing!NoChangingCallMode
HKCU\Software\Policies\Microsoft\Conferencing!NoDirectoryServices
HKCU\Software\Policies\Microsoft\Conferencing!NoReceivingFiles
HKCU\Software\Policies\Microsoft\Conferencing!NoSendingFiles
HKCU\Software\Policies\Microsoft\Conferencing!NoWebDirectory
HKCU\Software\Policies\Microsoft\Conferencing!MaxFileSendSize
HKCU\Software\Policies\Microsoft\Conferencing!IntranetSupportURL
HKCU\Software\Policies\Microsoft\Conferencing!CallSecurity
HKCU\Software\Policies\Microsoft\Conferencing!NoAdvancedCalling
HKCU\Software\Policies\Microsoft\Conferencing!NoAudioPage
HKCU\Software\Policies\Microsoft\Conferencing!NoGeneralPage
HKCU\Software\Policies\Microsoft\Conferencing!NoSecurityPage
HKCU\Software\Policies\Microsoft\Conferencing!NoVideoPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowCpl HKCU\Software\Microsoft\Windows\Curren
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceClassicControlPanel
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoControlPanel
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictCpl HKCU\Software\Microsoft\Windows\Curren
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SettingsPageVisibility
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!AllowOnlineTips
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispCPL
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispSettingsPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispAppearancePage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispScrSavPage
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveActive
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!SCRNSAVE.EXE
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaverIsSecure
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveTimeOut
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoChangingWallPaper
HKCU\Software\Policies\Microsoft\Windows\Personalization!NoChangingSoundScheme
HKCU\Software\Policies\Microsoft\Windows\Personalization!NoChangingMousePointers
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispBackgroundPage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoColorChoice
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoThemesTab
HKCU\Software\Policies\Microsoft\Windows\Personalization!ThemeFile
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoVisualStyleChoice
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!SetVisualStyle
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoSizeChoice
HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreen
HKLM\Software\Policies\Microsoft\Windows\Personalization!NoChangingLockScreen
HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreenSlideshow
HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreenCamera
HKLM\Software\Policies\Microsoft\Windows\Personalization!PersonalColors_Background HKLM\Software\Policies\Microsoft\
HKLM\Software\Policies\Microsoft\Windows\Personalization!ForceStartBackground
HKLM\Software\Policies\Microsoft\Windows\Personalization!NoChangingStartMenuBackground
HKLM\Software\Policies\Microsoft\Windows\Personalization!LockScreenImage HKLM\Software\Policies\Microsoft\Windows\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!UseDefaultTile
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DefaultLogonDomain
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ExcludedCredentialProviders
HKLM\Software\Policies\Microsoft\Windows\System!AllowDomainPINLogon
HKLM\Software\Policies\Microsoft\Windows\System!BlockDomainPicturePassword
HKLM\Software\Policies\Microsoft\Windows\System!AllowDomainDelayLock
HKLM\Software\Policies\Microsoft\Windows\System!DefaultCredentialProvider
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefaultCredentials HKLM\Software\Policies\Microso
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefCredentialsWhenNTLMOnly HKLM\Software\Pol
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentials HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentialsWhenNTLMOnly HKLM\Software\P
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentials HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentialsWhenNTLMOnly HKLM\Software\P
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyDefaultCredentials HKLM\Software\Policies\Microso
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyFreshCredentials HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenySavedCredentials HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!RestrictedRemoteAdministration HKLM\Software\Policies
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowProtectedCreds
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnumerateAdministrators
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnableSecureCredentialPrompting
HKLM\Software\Policies\Microsoft\Windows\CredUI!DisablePasswordReveal
HKCU\Software\Policies\Microsoft\Windows\CredUI!DisablePasswordReveal
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableChangePassword
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableLockWorkstation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoLogoff
HKLM\Software\Policies\Microsoft\Windows\DataCollection!AllowTelemetry
HKCU\Software\Policies\Microsoft\Windows\DataCollection!AllowTelemetry
HKLM\Software\Policies\Microsoft\Windows\PreviewBuilds!EnableConfigFlighting HKLM\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows\DataCollection!TelemetryProxyServer
HKLM\Software\Policies\Microsoft\Windows\DataCollection!CommercialId
HKLM\Software\Policies\Microsoft\Windows\DataCollection!DisableEnterpriseAuthProxy HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\DataCollection!LimitEnhancedDiagnosticDataWindowsAnalytics HKLM\Software
HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!AllowLocalActivationSecurityCheckExemptionList
HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList H
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DODownloadMode
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOGroupId
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMaxUploadBandwidth
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMaxCacheSize
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOAbsoluteMaxCacheSize
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMaxCacheAge
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMonthlyUploadDataCap
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMinBackgroundQos
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOModifyCacheDrive
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMaxDownloadBandwidth
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOPercentageMaxDownloadBandwidth
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMinFileSizeToCache
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOAllowVPNPeerCaching
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMinRAMAllowedToPeer
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMinDiskSizeAllowedToPeer
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization!DOMinBatteryPercentageAllowedToUpload
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceActiveDesktopOn
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoActiveDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoActiveDesktopChanges
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Add HKCU\Software\Microsoft
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoAddingComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoClosingComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoDeletingComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoEditingComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoComponents
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoHTMLWallPaper
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Wallpaper HKCU\Software\Microsoft\Windows\CurrentV
HKCU\Software\Policies\Microsoft\Windows\Directory UI!EnableFilter
HKCU\Software\Policies\Microsoft\Windows\Directory UI!HideDirectoryFolder
HKCU\Software\Policies\Microsoft\Windows\Directory UI!QueryLimit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisablePersonalDirChange
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDesktop
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDesktopCleanupWizard
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetIcon
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{450D8FBA-AD25-11D0-98A8-0800361B1103}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetHood
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesMyComputer
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesMyDocuments
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsNetHood
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{645FF040-5081-101B-9F08-00AA002F954E}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesRecycleBin
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSaveSettings
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCloseDragDropBands
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMovingBands
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoWindowMinimizingShortcuts
HKLM\System\CurrentControlSet\Policies\Microsoft\Compatibility!DisableDeviceFlags
HKLM\System\CurrentControlSet\Policies\Microsoft\Compatibility!DisableDriverShims
HKLM\SOFTWARE\Policies\Microsoft\SecondaryAuthenticationFactor!AllowSecondaryAuthenticationDevice
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!EnableVirtualizationBasedSecurity HKLM\SOFTWARE\Policies\M
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard!DeployConfigCIPolicy HKLM\SOFTWARE\Policies\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllSigningEqual
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!InstallTimeout
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSystemRestore
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllowRemoteRPC
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowAdminInstall
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceClasses HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClasses HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceIDs HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDs HKLM\Software\Policies\Microsoft\Wi
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyRemovableDevices
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyUnspecified
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!ForceReboot HKLM\Software\Policies\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy!SimpleText
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy!DetailText
HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions!AllowUserDeviceClasses HKLM\Software\Policies\Micr
HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing!BehaviorOnFailedVerify
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableBalloonTips
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendGenericDriverNotFoundToWER
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendRequestAdditionalSoftwareToWER
HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchFloppies HKCU\Software\Policies\Microsoft\Window
HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!SearchOrderConfig
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DriverServerSelection
HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata!PreventDeviceMetadataFromNetwork
HKLM\Software\Policies\Microsoft\System\DFSClient!DfsDcNameDelay
HKCU\SOFTWARE\Policies\Microsoft\Windows\Digital Locker!DoNotRunDigitalLocker
HKLM\SOFTWARE\Policies\Microsoft\Windows\Digital Locker!DoNotRunDigitalLocker
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!DfdAlertTextOverride
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!ScenarioExecutionEnabled
HKLM\Software\Policies\Microsoft\Windows\NvCache!OptimizeBootAndResume
HKLM\Software\Policies\Microsoft\Windows\NvCache!EnablePowerModeState
HKLM\Software\Policies\Microsoft\Windows\NvCache!EnableNvCache
HKLM\Software\Policies\Microsoft\Windows\NvCache!EnableSolidStateMode
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Enable
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Enforce
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Limit HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LogEventOverLimit
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LogEventOverThreshold
HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!ApplyToRemovableMedia
HKLM\Software\Policies\Microsoft\Windows\Display!EnableGdiDPIScaling
HKLM\Software\Policies\Microsoft\Windows\Display!DisableGdiDPIScaling
HKLM\Software\Policies\Microsoft\Windows\System!DLT_AllowDomainMode
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AdapterDomainName
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!NameServer
HKLM\Software\Policies\Microsoft\System\DNSClient!NV PrimaryDnsSuffix
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegisterAdapterName
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegisterReverseLookup
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationEnabled
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationOverwritesInConflict
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationRefreshInterval
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationTtl
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!SearchList
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UpdateSecurityLevel
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UpdateTopLevelDomainZones
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UseDomainNameDevolution
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!EnableDevolutionLevelControl HKLM\Software\Policies\Microsoft\
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!EnableMulticast
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AppendToMultiLabelName
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableSmartNameResolution
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableSmartProtocolReordering
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!QueryNetBTFQDN
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!PreferLocalOverLowerBindingDNS
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableIdnEncoding
HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!EnableIdnMapping
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowAnimations
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowAnimations
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowFlip3d
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowFlip3d
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisableAccentGradient
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState HKCU\SOFTWARE\Policies\Microsoft\Win
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState HKLM\SOFTWARE\Policies\Microsoft\Wi
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowColorizationColorChanges
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowColorizationColorChanges
HKCU\software\policies\microsoft\ime\shared!misconvlogging
HKCU\software\policies\microsoft\ime\imejp!SaveAutoTuneDataToFile
HKCU\software\policies\microsoft\ime\imejp!UseHistorybasedPredictiveInput
HKCU\software\policies\microsoft\ime\shared!OpenExtendedDict
HKCU\software\policies\microsoft\ime\shared!SearchPlugin
HKCU\software\policies\microsoft\ime\shared!UserDict
HKCU\software\policies\microsoft\ime\imejp!CodeAreaForConversion
HKCU\software\policies\microsoft\ime\imejp!ShowOnlyPublishingStandardGlyph
HKCU\Software\Policies\Microsoft\InputMethod\Settings\Shared!Enable Cloud Candidate
HKCU\Software\Policies\Microsoft\InputMethod\Settings\CHS!Enable Cloud Candidate
HKCU\Software\Policies\Microsoft\InputMethod\Settings\CHS!Enable Lexicon Update
HKLM\System\CurrentControlSet\Policies\EarlyLaunch!DriverLoadPolicy HKLM\System\CurrentControlSet\Policies\EarlyLaunch
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!TurnOffBackstack
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableMFUTracking
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableRecentApps
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableCharms
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!ShowCommandPromptOnWinX
HKLM\Software\Policies\Microsoft\Windows\EdgeUI!DisableHelpSticker
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableHelpSticker
HKLM\Software\Policies\Microsoft\Windows\EdgeUI!AllowEdgeSwipe
HKCU\Software\Policies\Microsoft\Windows\EdgeUI!AllowEdgeSwipe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoEncryptOnMove
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!RootHubConnectedEnStorDevices
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!LockDeviceOnMachineLock
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!DisallowLegacyDiskDevices
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!DisablePasswordAuthentication
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!TCGSecurityActivationDisabled
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos!SiloAllowListPolicy HKLM\Software\Pol
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices!PolicyEnabled HKLM\Softwar
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoExternalURL HKLM\Software\Policies\Microsoft\PCHe
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!ShowUI HKLM\Software\Policies\Microsoft\PCHealth\ErrorRepo
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontShowUI
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassDataThrottling
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassDataThrottling
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!AutoApproveOSDumps
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!AutoApproveOSDumps
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassPowerThrottling
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassPowerThrottling
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassNetworkCostThrottling
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassNetworkCostThrottling
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!AllOrNone HKLM\Software\Policies\Microsoft\PCHealth\ErrorRe
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\ExclusionList
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\InclusionList
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeKernelFaults
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive HKCU\SOFTWARE\Policies\Microsoft
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive HKLM\SOFTWARE\Policies\Microsoft
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerServer HKLM\SOFTWARE\Policies\Mic
HKCU\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue HKCU\SOFTWARE\Policies\Microsoft\
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue HKLM\SOFTWARE\Policies\Microsoft
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultOverrideBehavior
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultOverrideBehavior
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultConsent
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultConsent
HKLM\Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager
HKLM\Software\Policies\Microsoft\Windows\EventLog\EventForwarding!MaxForwardingRate
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!AutoBackupLogFiles
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!ChannelAccess
HKLM\System\CurrentControlSet\Services\EventLog\Application!CustomSD
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!Retention
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!File
HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!MaxSize
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!AutoBackupLogFiles
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!ChannelAccess
HKLM\System\CurrentControlSet\Services\EventLog\Security!CustomSD
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!Retention
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!File
HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!MaxSize
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!AutoBackupLogFiles
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!ChannelAccess
HKLM\System\CurrentControlSet\Services\EventLog\Setup!CustomSD
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!Retention
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!Enabled
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!File
HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!MaxSize
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!AutoBackupLogFiles
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!ChannelAccess
HKLM\System\CurrentControlSet\Services\EventLog\System!CustomSD
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!Retention
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!File
HKLM\Software\Policies\Microsoft\Windows\EventLog\System!MaxSize
HKLM\Software\Policies\Microsoft\Windows\EventLog\ProtectedEventLogging!EnableProtectedEventLogging HKLM\Software
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgram
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgramCommandLineParameters
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionURL
HKLM\Software\Policies\Microsoft\Windows Defender ExploitGuard\Exploit Protection!ExploitProtectionSettings
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!AlwaysShowClassicMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreventItemCreationInUsersFilesFolder
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TurnOffSPIAnimations
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoDataExecutionPrevention
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoHeapTerminationOnCorruption
HKLM\Software\Policies\Microsoft\Windows\Explorer!AdminInfoUrl
HKLM\Software\Policies\Microsoft\Windows\Explorer!DisableRoamedProfileInit
HKLM\Software\Policies\Microsoft\PortableOperatingSystem!Launcher
HKLM\System\CurrentControlSet\Policies\Microsoft\PortableOperatingSystem!Hibernate
HKLM\System\CurrentControlSet\Policies\Microsoft\PortableOperatingSystem!Sleep
HKLM\Software\Policies\Microsoft\Windows\DataCollection!DoNotShowFeedbackNotifications
HKLM\SOFTWARE\Policies\Microsoft\FIDO!AllowExternalDeviceSignon
HKLM\Software\Policies\Microsoft\Windows\FileHistory!Disabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!ScenarioExecutionEnabled H
HKCU\Software\Policies\Microsoft\Windows\FileRevocation!DelegatedTuples
HKLM\Software\Policies\Microsoft\Windows\fssProv!EncryptProtocol
HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymLinkState HKLM\Software\Policies\Microsoft\Windows\Fil
HKLM\System\CurrentControlSet\Control\FileSystem!LongPathsEnabled
HKLM\System\CurrentControlSet\Policies!NtfsDisableCompression
HKLM\System\CurrentControlSet\Policies!NtfsDisableEncryption
HKLM\System\CurrentControlSet\Policies!NtfsEncryptPagingFile
HKLM\System\CurrentControlSet\Policies!NtfsDisable8dot3NameCreation
HKLM\System\CurrentControlSet\Policies!DisableDeleteNotification
HKLM\System\CurrentControlSet\Policies!NtfsEnableTxfDeprecatedFunctionality
HKLM\SOFTWARE\Policies\Microsoft\FindMyDevice!AllowFindMyDevice
HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!LocalizeXPRelativePaths
HKCU\Software\Policies\Microsoft\Windows\NetCache!DisableFRAdminPin
HKCU\Software\Policies\Microsoft\Windows\NetCache\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}!DisableFRAdminPinByFo
HKLM\Software\Policies\Microsoft\Windows\System\Fdeploy!LocalizeXPRelativePaths
HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!FolderRedirectionEnableCacheRename
HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!PrimaryComputerEnabledFR
HKLM\Software\Policies\Microsoft\Windows\System\Fdeploy!PrimaryComputerEnabledFR
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPreviewPane
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoReadingPane
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled HK
HKLM\Software\Policies\Microsoft\Windows\GameDVR!AllowGameDVR
HKLM\Software\Policies\Microsoft\Windows\GameUX!DownloadGameInfo
HKLM\Software\Policies\Microsoft\Windows\GameUX!ListRecentlyPlayed
HKLM\Software\Policies\Microsoft\Windows\GameUX!GameUpdateOptions
HKCU\Software\Policies\Microsoft\Control Panel\International!CustomLocalesNoSelect
HKLM\Software\Policies\Microsoft\Control Panel\International!CustomLocalesNoSelect
HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictSystemLocales HKLM\Software\Policies\Microsoft\Con
HKLM\Software\Policies\Microsoft\Control Panel\International!BlockUserInputMethodsForSignIn
HKCU\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales HKCU\Software\Policies\Microsoft\Control
HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales HKLM\Software\Policies\Microsoft\Contro
HKCU\Software\Policies\Microsoft\Control Panel\International!PreventGeoIdChange
HKLM\Software\Policies\Microsoft\Control Panel\International!PreventGeoIdChange
HKCU\Software\Policies\Microsoft\Control Panel\International!PreventUserOverrides
HKLM\Software\Policies\Microsoft\Control Panel\International!PreventUserOverrides
HKCU\Software\Policies\Microsoft\Control Panel\International!HideAdminOptions
HKCU\Software\Policies\Microsoft\Control Panel\International!HideCurrentLocation
HKCU\Software\Policies\Microsoft\Control Panel\International!HideLanguageSelection
HKCU\Software\Policies\Microsoft\Control Panel\International!HideLocaleSelectAndCustomize
HKLM\Software\Policies\Microsoft\MUI\Settings!PreferredUILanguages
HKCU\Software\Policies\Microsoft\Control Panel\Desktop!PreferredUILanguages
HKLM\Software\Policies\Microsoft\MUI\Settings!MachineUILock
HKCU\Software\Policies\Microsoft\Control Panel\Desktop!MultiUILanguageID
HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffOfferTextPredictions
HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffInsertSpace
HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffAutocorrectMisspelledWords
HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffHighlightMisspelledWords
HKLM\Software\Policies\Microsoft\Control Panel\International!BlockCleanupOfUnusedPreinstalledLangPacks
HKLM\Software\Policies\Microsoft\InputPersonalization!AllowInputPersonalization
HKCU\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax!1
HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection HKCU\SOFTWARE\Policies\Microsoft\
HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection HKLM\SOFTWARE\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\System!ProcessTSUserLogonAsync
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions!MitigationOptions_FontBocking
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions\ProcessMitigationOptions
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\MitigationOptions\ProcessMitigationOptions
HKLM\Software\Policies\Microsoft\Windows\System!EnableFontProviders
HKLM\Software\Policies\Microsoft\Windows\System!EnableCdp
HKLM\Software\Policies\Microsoft\Windows\System!EnableAppUriHandlers
HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonOptimization HKLM\Software\Policies\Microsoft\Windows\
HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonOptimizationOnServerSKU HKLM\Software\Policies\Microso
HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonScriptDelay HKLM\Software\Policies\Microsoft\Windows\Sy
HKLM\Software\Policies\Microsoft\Windows\System!ResetDfsClientInfoDuringRefreshPolicy
HKLM\Software\Policies\Microsoft\Windows\System!DisableAOACProcessing
HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDefaultForDirectAccess
HKLM\Software\Policies\Microsoft\Windows\System!SlowlinkDefaultToAsync
HKLM\Software\Policies\Microsoft\Windows\System!DisableLGPOProcessing
HKLM\Software\Policies\Microsoft\Windows\System!GpNetworkStartTimeoutPolicyValue
HKLM\Software\Policies\Microsoft\Windows\System!AllowX-ForestPolicy-and-RUP
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoSlowLink HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoSlowLink HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoSlowLink HKLM\S
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoSlowLink HKLM\S
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoSlowLink HKLM\S
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoSlowLink HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoSlowLink HKLM\So
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoSlowLink HKLM\S
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoSlowLink HKLM\S
HKCU\Software\Policies\Microsoft\Windows\System!DenyRsopToInteractiveUser
HKLM\Software\Policies\Microsoft\Windows\System!DenyRsopToInteractiveUser
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!DisableAutoADMUpdate
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableBkGndGroupPolicy
HKLM\Software\Policies\Microsoft\Windows\System!DenyUsersFromMachGP
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!ShowPoliciesOnly
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!DCOption
HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate HKLM\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime HKLM\Software\Policies\Microsoft\Windows\S
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeDC HKLM\Software\Policies\Microsoft\Window
HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime HKCU\Software\Policies\Microsoft\Windows\Sy
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!GPODisplayName
HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!NewGPOLinksDisabled
HKLM\Software\Policies\Microsoft\Windows\Group Policy!OnlyUseLocalAdminFiles
HKLM\Software\Policies\Microsoft\Windows\System!RSoPLogging
HKLM\Software\Policies\Microsoft\Windows\System!UserPolicyMode
HKLM\Software\Policies\Microsoft\Windows\System!CorpConnStartTimeoutPolicyValue
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3} HKLM\Software\Poli
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!LogLevel HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5} HKLM\Software\Pol
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!LogLevel HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75} HKLM\Software\Pol
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!LogLevel HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA} HKLM\Software\Poli
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!LogLevel HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8} HKLM\Software\Poli
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0} HKLM\Software\Poli
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509} HKLM\Software\Poli
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F} HKLM\Software\Pol
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!LogLevel HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D} HKLM\Software\Pol
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!LogLevel HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527} HKLM\Software\Pol
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!LogLevel HKLM\Soft
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325} HKLM\Software\Poli
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7} HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!LogLevel HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18} HKLM\Software\Poli
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!LogLevel HKLM\Softw
HKCU\Software\Policies\Microsoft\MMC\{6A712058-33C6-4046-BCF9-0EA3A8808EDC}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0DA274B5-EB93-47A7-AAFB-65BA532D3FE6}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{17C6249E-BA57-4F69-AE93-4FB3D25CD9D7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1612b55c-243c-48dd-a449-ffc097b19776}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1b767e9a-7be4-4d35-85c1-2e174a7ba951}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{35141B6B-498A-4cc7-AD59-CEF93D89B2CE}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{516FC620-5D34-4B08-8165-6A06B623EDEB}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5C935941-A954-4F7C-B507-885941ECE5C4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{79F92669-4224-476c-9C5C-6EFB4D87DF4A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{949FB894-E883-42C6-88C1-29169720E8CA}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{BFCBBEB0-9DF4-4c0c-A728-434EA66A0373}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{9AD2BAFE-63B4-4883-A08C-C3C6196BCAFD}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{A8C42CEA-CDB8-4388-97F4-5831F933DA84}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B9CCA4DE-E2B9-4CBD-BF7D-11B6EBFBDDF7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{CC5746A9-9B74-4be5-AE2E-64379C86E0E4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{CEFFA6E2-E3BD-421B-852C-6F6A79A59BC1}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{CF848D48-888D-4F45-B530-6A201E62A605}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{127537A8-C1ED-40BC-9AE5-C5891DF6B2D4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{45B01F1C-5AC2-458c-9457-42A81B34A26D}!Restrict_Run
HKLM\Software\Policies\Microsoft\Handwriting!PanelDefaultModeDocked
HKLM\Software\Policies\Microsoft\Windows\System!HelpQualifiedRootDir
HKCU\Software\Policies\Microsoft\Windows\System!DisableInHelp
HKLM\Software\Policies\Microsoft\Windows\System!DisableInHelp
HKLM\Software\Policies\Microsoft\Windows\System!DisableHHDEP
HKLM\Software\Policies\Microsoft\Assistance\Client\1.0!NoActiveHelp
HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoExplicitFeedback
HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoImplicitFeedback
HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoOnlineAssist
HKLM\Software\Policies\Microsoft\Windows\HotspotAuthentication!Enabled
HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication HKCU\Software\Microsoft\Windows\Current
HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication HKLM\Software\Microsoft\Windows\Curren
HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate
HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting
HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload
HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate
HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines
HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch
HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW
HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control!NoRegistration
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport HKLM\Software\Policies\Microsoft\Windows\Window
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess
HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard
HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP
HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP
HKLM\Software\Policies\Microsoft\SQMClient\Windows!CEIPEnable
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!NoActiveProbe
HKLM\Software\Policies\Microsoft\Windows NT\IIS!PreventIISInstall
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-0
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{DED22F57-FEE2-11D0-953B-
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2D360201-FFF5-11D1-8D03-0
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D27CDB6E-AE6D-11CF-96B8-
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-0
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D45FD31B-5C6E-11D1-9EC1-
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D6526FE0-E651-11CF-99CB-0
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2FF18E10-DE11-11D1-8161-0
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{26F24A93-1DA2-11D0-A334-
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{AE24FDAE-03C6-11D1-8B76-
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{BD1F006E-174F-11D2-95C0-0
HKLM\Software\Policies\Microsoft\Internet Explorer\FlipAhead!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\FlipAhead!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!L
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LO
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!UseClearType
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!UseClearType
HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing!EnableOnStartup
HKCU\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing!EnableOnStartup
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Isolation
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Isolation
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Isolation64Bit
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Isolation64Bit
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableEPMCompat
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableEPMCompat
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DoNotTrack
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DoNotTrack
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHttp1_1
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHttp1_1
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxyHttp1.1
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxyHttp1.1
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableSPDY3_0
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableSPDY3_0
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHTTP2
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHTTP2
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableSSL3Fallback
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableRIED
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableRIED
HKLM\Software\Policies\Microsoft\Internet Explorer\Download!CheckExeSignatures
HKCU\Software\Policies\Microsoft\Internet Explorer\Download!CheckExeSignatures
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck
HKLM\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures
HKCU\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos
HKLM\Software\Policies\Microsoft\Internet Explorer\Security\P3Global!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Security\P3Global!Enabled
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!Append Completion
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!Use AutoComplete
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!GotoIntranetSiteForSingleWordEntry
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!GotoIntranetSiteForSingleWordEntry
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Disable Script Debugger
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Friendly http errors
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Page_Transitions
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Error Dlg Displayed On Every Error
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!SmoothScroll
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!HideNewEdgeButton
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!HideNewEdgeButton
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Anchor Underline
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FormatDetection!PhoneNumberEnabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FormatDetection!PhoneNumberEnabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize HKCU\Software\Policies\M
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingChannels
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingSubscriptions
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelLogging
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelUI
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingScheduleGroups
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingSubscriptions
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingChannels
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingSubscriptions
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoScheduledUpdates
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSubscriptionContent
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CodeBaseSearchPath
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoDefaultTextSize HKCU\Software\Policies\Microsoft\Intern
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnablePunyCode
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnablePunyCode
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!UTF8URLQuery
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!UTF8URLQuery
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto!UTF8Encoding
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto!UTF8Encoding
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!UrlEncoding
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Background Color
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Text Color
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use_DlgBox_Colors
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion!IEAKUpdateUrl
HKCU\Software\Policies\Microsoft\Internet Connection Wizard!DisableICW
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!AuditModeEnabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!AuditModeEnabled
HKCU\Software\Microsoft\Internet Explorer\VersionManager!DownloadVersionList
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RunThisTimeEnabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RunThisTimeEnabled
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_DomainAllowlist HKLM\Software\Microsoft\Window
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_DomainAllowlist HKCU\Software\Microsoft\Window
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!VersionCheckEnabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!VersionCheckEnabled
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID HKLM\Software\Microsoft\Windows
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID HKCU\Software\Microsoft\Windows\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMEN
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMEN
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors HKLM\Soft
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors HKCU\Softw
HKLM\Software\Policies\Microsoft\Internet Explorer\Security!ENABLE_MD2_MD4
HKCU\Software\Policies\Microsoft\Internet Explorer\Security!ENABLE_MD2_MD4
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) HKLM\Software\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) HKCU\Software\P
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS HKLM\Soft
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS HKCU\Softw
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) HKLM\Soft
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) HKCU\Soft
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING HKLM
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING HKCU
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) HKLM\Softw
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) HKCU\Softwa
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND HKLM\
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND HKCU\S
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKD
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKD
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) HKLM\Softw
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) HKCU\Softw
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING HKLM
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING HKCU\
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) HKL
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) HKC
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCO
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCO
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) HKL
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) HKCU
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) HKLM\Soft
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) HKCU\Soft
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING HKLM
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING HKCU
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) HKLM\Soft
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) HKCU\Soft
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION HKLM
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION HKCU
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) H
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) H
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINST
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINST
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) H
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) H
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLO
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLO
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!*
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!*
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) HK
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) HKC
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTION
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 HKLM
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 HKCU
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 HKLM
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 HKCU
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 HKLM
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 HKCU
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 HKLM
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 HKCU
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 HKLM
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 HKCU
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection
HKLM\Software\Policies\Microsoft\Internet Explorer!AllowServicePoweredQSA
HKCU\Software\Policies\Microsoft\Internet Explorer!AllowServicePoweredQSA
HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery!AutoRecover
HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery!AutoRecover
HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery!NoReopenLastSession
HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery!NoReopenLastSession
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!AddPolicySearchProviders
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!AddPolicySearchProviders
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus
HKLM\Software\Policies\Microsoft\Internet Explorer\LinksBar!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\LinksBar!Enabled
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableAutoProxyResultCache
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExternalBranding
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Advanced
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!Version
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!Version
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DialupAutodetect
HKLM\Software\Policies\Microsoft\Internet Explorer\Security!DisableFixSecuritySettings
HKCU\Software\Policies\Microsoft\Internet Explorer\Security!DisableFixSecuritySettings
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV8
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV8
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV9
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV9
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!PreventOverride
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!PreventOverride
HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!PreventOverrideAppRepUnknown
HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!PreventOverrideAppRepUnknown
HKLM\Software\Policies\Microsoft\Internet Explorer\Security!DisableSecuritySettingsCheck
HKCU\Software\Policies\Microsoft\Internet Explorer\Security!DisableSecuritySettingsCheck
HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar\WebBrowser!ITBar7Position
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!DisablePopupFilterLevel
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!DisablePopupFilterLevel
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisplayScriptDownloadFailureUI
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus HKLM\Software\Policies\Microsoft\Internet Ex
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus HKCU\Software\Policies\Microsoft\Internet Exp
HKLM\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites
HKCU\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites
HKLM\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation
HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation
HKLM\Software\Policies\Microsoft\Internet Explorer!DisableFlashInIE
HKCU\Software\Policies\Microsoft\Internet Explorer!DisableFlashInIE
HKLM\Software\Policies\Microsoft\Internet Explorer\ZOOM!ZoomDisabled
HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM!ZoomDisabled
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Identities!Locked Down
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!IgnoreFrameApprovalCheck
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!IgnoreFrameApprovalCheck
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!DisableAddonLoadTimePerformanceNotifications
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!DisableAddonLoadTimePerformanceNotifications
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\ActiveXFiltering!IsEnabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\ActiveXFiltering!IsEnabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!No_LaunchMediaBar HKCU\Software\Microsoft\Internet Exp
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteBrowsingHistory
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteBrowsingHistory
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteForms
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteForms
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeletePasswords
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeletePasswords
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanCookies
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanCookies
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanDownloadHistory
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanDownloadHistory
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTIF
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTIF
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanInPrivateBlocking
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanInPrivateBlocking
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTrackingProtection
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTrackingProtection
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!UseAllowList
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!UseAllowList
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!ClearBrowsingHistoryOnExit
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!ClearBrowsingHistoryOnExit
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableFirstRunCustomize
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableFirstRunCustomize
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpMenu
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpMenu
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchBox
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchBox
HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!ShowSearchSuggestionsGlobal
HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!ShowSearchSuggestionsGlobal
HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!DisplayQuickPick
HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!DisplayQuickPick
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoJITSetup
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!TabProcGrowth
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!TabProcGrowth
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShutdownWaitForOnUnload
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShutdownWaitForOnUnload
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!NewTabPageShow
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!NewTabPageShow
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Groups
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!QuickTabsThreshold
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!QuickTabsThreshold
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChangeDefaultSearchProvider
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChangeDefaultSearchProvider
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSplash
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!PopupsUseNewWindow
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!PopupsUseNewWindow
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoUpdateCheck
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AllowWindowReuse
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AllowWindowReuse
HKCU\Software\Microsoft\Outlook Express!BlockExeAttachments
HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow HKLM\Software\Policies\Microso
HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow HKCU\Software\Policies\Microsoft
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Accessibility
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Autoconfig
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Autoconfig
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Cache
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!CalendarContact
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Certificates
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Check_If_Default
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Check_Associations
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Colors
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings HKLM\Software\Policies\Microsoft\In
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connwiz Admin Lock
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Fonts
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use FormSuggest HKCU\Software\Policies\Microsoft\Internet Explo
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest Passwords HKCU\Software\Policies\Microsoft\Interne
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!History HKLM\Software\Policies\Microsoft\Windows\Curre
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!History HKCU\Software\Policies\Microsoft\Windows\Curre
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage HKCU\Software\Policies\Microsoft\Internet Exp
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Languages
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!links
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Messaging
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!RestrictPopupExceptionList
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!RestrictPopupExceptionList
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Profiles
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Proxy
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Proxy
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Ratings
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ResetWebSettings
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Settings
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Settings
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!AutoSuggest
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!AutoSuggest
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch!EnabledScopes
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch!EnabledScopes
HKLM\Software\Policies\Microsoft\Internet Explorer\DomainSuggestion!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\DomainSuggestion!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFindFiles
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchCustomization
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_HKLM_only
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_options_edit
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_zones_map_edit
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMSAppLogo5ChannelNotify
HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UsePolicySearchProvidersOnly
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UsePolicySearchProvidersOnly
HKLM\Software\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram
HKCU\Software\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram
HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!OpenInForeground
HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!OpenInForeground
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxySettingsPerUser
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120b
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120b
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120c
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120c
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1409
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1409
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnBadCertRecving
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnBadCertRecving
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockd
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockd
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate HKLM
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate HKCU\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockd
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockd
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate HKLM
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate HKCU\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalM
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalM
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZon
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZon
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedS
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedS
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTe
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTe
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZ
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZo
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTempla
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTempla
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey HKLM\Software
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey HKCU\Software\
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!AutoDetect
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!AutoDetect
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnIntranet
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnIntranet
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!140C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2104
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2104
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1209
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1209
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1208
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1208
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!160A
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!160A
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2301
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2301
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2105
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2105
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2103
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2103
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2500
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2500
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1806
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1806
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1206
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1206
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2600
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2600
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2401
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2401
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1407
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1407
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270B
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270B
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2708
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2708
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2709
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2709
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270C
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!140C
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!140C
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color Hover
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color Visited
HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Use Anchor Hover Color
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserClose
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserSaveAs
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoBrowserSaveWebComplete
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileNew
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileOpen
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemSendFeedback
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemNetscapeHelp
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTipOfTheDay
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTutorial
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserContextMenu
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFavorites
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoOpeninNewWnd
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoSelectDownloadDir
HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPrinting
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPrinting
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserOptions
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoReportSiteProblems
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoReportSiteProblems
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoTheaterMode
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoViewSource
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable AutoImageResize
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Images
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!EnableAlternativeCodec
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!EnableAlternativeCodec
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Show image placeholders
HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer!SmartDithering
HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit HKCU\Software\Policies\Microsoft\Internet E
HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\1!DomainLimit HKCU\Software\Policies\Microsoft\Internet E
HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\2!DomainLimit HKCU\Software\Policies\Microsoft\Internet E
HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\3!DomainLimit HKCU\Software\Policies\Microsoft\Internet E
HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\4!DomainLimit HKCU\Software\Policies\Microsoft\Internet E
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Print_Background
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!BackgroundSyncStatus
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!BackgroundSyncStatus
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableEnclosureDownload
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableEnclosureDownload
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableAddRemove
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableAddRemove
HKLM\Software\Policies\Microsoft\Internet Explorer\Feed Discovery!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Feed Discovery!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableFeedPane
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableFeedPane
HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear
HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Promp
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Promp
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Promp
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Promp
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_UR
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_UR
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AutoSearch
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AutoSearch
HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!TopResult
HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!TopResult
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!XMLHTTP
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!XMLHTTP
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DEPOff
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisablePasswordReveal
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisablePasswordReveal
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER!iexplore.
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER!iexplore.
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER!iexpl
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER!iexplo
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING!iexplo
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING!iexplor
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET!iexplore.exe
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET!iexplore.exe
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSER
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSER
HKCU\Software\Policies\Microsoft\IEAK!NoAutomaticSignup
HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!DisableToolbarUpgrader
HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!DisableToolbarUpgrader
HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools!Disabled
HKCU\Software\Policies\Microsoft\Internet Explorer\IEDevTools!Disabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoBandCustomize
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarCustomize
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons HKCU\Software\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!CommandBarEnabled
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!CommandBarEnabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!StatusBarWeb
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!StatusBarWeb
HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbar!Locked
HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar!Locked
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowLeftAddressToolbar
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowLeftAddressToolbar
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!TextOption
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!TextOption
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!SmallIcons
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!SmallIcons
HKLM\Software\Policies\Microsoft\Internet Explorer\MINIE!ShowTabsBelowAddressBar
HKCU\Software\Policies\Microsoft\Internet Explorer\MINIE!ShowTabsBelowAddressBar
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Update_Check_Interval
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Update_Check_Page
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!NoFirsttimeprompt
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!NoFirsttimeprompt
HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX!BlockNonAdminActiveXInstall
HKCU\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX!BlockNonAdminActiveXInstall
HKLM\Software\Policies\Microsoft\Windows\AxInstaller!OnlyUseAXISForActiveXInstall
HKCU\Software\Policies\Microsoft\Windows\AxInstaller!OnlyUseAXISForActiveXInstall
HKLM\Software\Policies\Microsoft\Internet Explorer\Suggested Sites!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!EnableInPrivateBrowsing
HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!EnableInPrivateBrowsing
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableToolbars
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableToolbars
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!Threshold
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!Threshold
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableInPrivateBlocking
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableInPrivateBlocking
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!TrackingProtectionThreshold
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!TrackingProtectionThreshold
HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableTrackingProtection
HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableTrackingProtection
HKCU\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall
HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall
HKCU\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall
HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall
HKLM\Software\Policies\Microsoft\Internet Explorer\Activities!NoActivities
HKCU\Software\Policies\Microsoft\Internet Explorer\Activities!NoActivities
HKLM\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions!UsePolicyActivitiesOnly
HKCU\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions!UsePolicyActivitiesOnly
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!AllSitesCompatibilityMode
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!AllSitesCompatibilityMode
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!DisableSiteListEditing
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!DisableSiteListEditing
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!IntranetCompatibilityMode
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!IntranetCompatibilityMode
HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowCompatibilityViewButton
HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowCompatibilityViewButton
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!MSCompatibilityMode
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!MSCompatibilityMode
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableAddSiteMode
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableAddSiteMode
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode!Enable
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode!Enable
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode!SiteList
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode!SiteList
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode!RestrictIE
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode!RestrictIE
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode!ShowMessageWhenOpeningSitesInMicrosoftEdge
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode!ShowMessageWhenOpeningSitesInMicrosoftEdge
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage!DefaultDomainCacheLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage!DefaultDomainCacheLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!AllowWebsiteDatabases
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!AllowWebsiteDatabases
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!MaxTrustedDomainLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!MaxTrustedDomainLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!TotalLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!TotalLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!AllowWebsiteCaches
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!AllowWebsiteCaches
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!MaxTrustedDomainLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!MaxTrustedDomainLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!TotalLimitInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!TotalLimitInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!GarbageCollectionThresholdInDays
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!GarbageCollectionThresholdInDays
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestResourceQuota
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestResourceQuota
HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestSingleResourceQuotaInMB
HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestSingleResourceQuotaInMB
HKLM\Software\Policies\Microsoft\Internet Explorer\ContinuousBrowsing!Enabled
HKCU\Software\Policies\Microsoft\Internet Explorer\ContinuousBrowsing!Enabled
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ApplicationTileImmersiveActivation
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ApplicationTileImmersiveActivation
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AssociationActivationMode
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AssociationActivationMode
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!EnableAutoUpgrade
HKLM\Software\Microsoft\Internet Explorer\WMITelemetry!Active
HKCU\Software\Microsoft\Internet Explorer\WMITelemetry!Active
HKLM\Software\Microsoft\Internet Explorer\WMITelemetry!XMLPath
HKCU\Software\Microsoft\Internet Explorer\WMITelemetry!XMLPath
HKLM\Software\Microsoft\Internet Explorer\WMITelemetry!ZoneAllowList
HKCU\Software\Microsoft\Internet Explorer\WMITelemetry!ZoneAllowList
HKLM\Software\Microsoft\Internet Explorer\WMITelemetry!DomainAllowList
HKCU\Software\Microsoft\Internet Explorer\WMITelemetry!DomainAllowList
HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports
HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureiSNSServers
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureTargetPortals
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureTargets
HKLM\Software\Policies\Microsoft\Windows\iSCSI!NewStaticTargets
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ChangeIQNName
HKLM\Software\Policies\Microsoft\Windows\iSCSI!RestrictAdditionalLogins
HKLM\Software\Policies\Microsoft\Windows\iSCSI!ChangeCHAPSecret
HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireIPSec
HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireMutualCHAP
HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireOneWayCHAP
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EmitLILI
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!UseForestSearch HKLM\Software\Micro
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableCbacAndArmor HKLM\Software\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold HKLM\Softw
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!RequestCompoundId
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!PKINITFreshness
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!domain_realm_Enabled HKLM\Software\Micro
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!MitRealms_Enabled HKLM\Software\Microsoft
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!KdcValidation
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!UseForestSearch HKLM\Software\
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!StrictTargetContext
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!KdcProxyServer_Enabled HKLM\Software\Micr
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!NoRevocationCheck
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!RequireFast
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdDisabled HKLM\Software\Policies\Microsoft\Netlogon\
HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize HKLM\System\CurrentControlSet\Co
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!EnableCbacAndArmor
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!AlwaysSendCompoundId
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!DevicePKInitEnabled HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HashPublicationForPeerCaching
HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HashSupportVersion
HKLM\Software\Policies\Microsoft\Windows\LanmanServer!CipherSuiteOrder
HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HonorCipherSuiteOrder
HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation!CipherSuiteOrder
HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation!AllowInsecureGuestAuth
HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation!AllowOfflineFilesforCAShares
HKLM\Software\Policies\Microsoft\Windows\LanmanWorkstation!EnableHandleCachingForCAFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!ScenarioExecutionEnabled HK
HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableLLTDIO HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowLLTD
HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableRspndr HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowRsp
HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableWindowsLocationProvider
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableCurrentUserRun
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableCurrentUserRunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonType
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWelcomeScreen
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon!SyncForegroundPolicy
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableStatusMessages
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWelcomeScreen
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!VerboseStatus
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideFastUserSwitching
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableStartupSound
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableFirstLogonAnimation
HKLM\Software\Policies\Microsoft\Windows\System!UseOEMBackground
HKLM\Software\Policies\Microsoft\Windows\System!DontDisplayNetworkSelectionUI
HKLM\Software\Policies\Microsoft\Windows\System!DontEnumerateConnectedUsers
HKLM\Software\Policies\Microsoft\Windows\System!EnumerateLocalUsers
HKLM\Software\Policies\Microsoft\Windows\System!BlockUserFromShowingAccountDetailsOnSignin
HKLM\Software\Policies\Microsoft\Windows\System!DisableLockScreenAppNotifications
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\MDM!DisableRegistration
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\MDM!AutoEnrollMDM
HKLM\Software\Policies\Microsoft\Windows\Messaging!AllowMessageSync
HKLM\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI!ShowOneBox
HKCU\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI!ShowOneBox
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!Use FormSuggest
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!Use FormSuggest
HKLM\Software\Policies\Microsoft\MicrosoftEdge\F12!AllowDeveloperTools
HKCU\Software\Policies\Microsoft\MicrosoftEdge\F12!AllowDeveloperTools
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!DoNotTrack
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!DoNotTrack
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Extensions!ExtensionsEnabled
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Extensions!ExtensionsEnabled
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowInPrivate
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowInPrivate
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!FormSuggest Passwords
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!FormSuggest Passwords
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowPopups
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!AllowPopups
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browse
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browse
HKLM\Software\Policies\Microsoft\MicrosoftEdge\SearchScopes!ShowSearchSuggestionsGlobal
HKCU\Software\Policies\Microsoft\MicrosoftEdge\SearchScopes!ShowSearchSuggestionsGlobal
HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!EnabledV9
HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!EnabledV9
HKLM\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI!AllowWebContentOnNewTabPage
HKCU\Software\Policies\Microsoft\MicrosoftEdge\ServiceUI!AllowWebContentOnNewTabPage
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!AlwaysEnableBooksLibrary
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!AlwaysEnableBooksLibrary
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!Cookies
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!Cookies
HKLM\Software\Policies\Microsoft\MicrosoftEdge\OpenSearch!SetDefaultSearchEngine
HKCU\Software\Policies\Microsoft\MicrosoftEdge\OpenSearch!SetDefaultSearchEngine
HKLM\Software\Policies\Microsoft\MicrosoftEdge\OpenSearch!ConfigureAdditionalSearchEngines
HKCU\Software\Policies\Microsoft\MicrosoftEdge\OpenSearch!ConfigureAdditionalSearchEngines
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites!ConfiguredFavorites
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Favorites!ConfiguredFavorites
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode!SiteList
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main\EnterpriseMode!SiteList
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!HideLocalHostIP
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!HideLocalHostIP
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!ProvisionedHomePages
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!ProvisionedHomePages
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!DisableLockdownOfStartPages
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings!DisableLockdownOfStartPages
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites!LockdownFavorites
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Favorites!LockdownFavorites
HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!PreventOverride
HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!PreventOverride
HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!PreventOverrideAppRepUnknown
HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!PreventOverrideAppRepUnknown
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings\ProvisionedFavorites
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings\ProvisionedFavorites
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!SendIntranetTraffictoInternetExplorer
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!SendIntranetTraffictoInternetExplorer
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!ShowMessageWhenOpeningSitesInInternetExplorer
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!ShowMessageWhenOpeningSitesInInternetExplorer
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!PreventAccessToAboutFlagsInMicrosoftEdge
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!PreventAccessToAboutFlagsInMicrosoftEdge
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!PreventLiveTileDataCollection
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!PreventLiveTileDataCollection
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!PreventFirstRunPage
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!PreventFirstRunPage
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Main!SyncFavoritesBetweenIEAndMicrosoftEdge
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Main!SyncFavoritesBetweenIEAndMicrosoftEdge
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Security!FlashClickToRunMode
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Security!FlashClickToRunMode
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Privacy!ClearBrowsingHistoryOnExit
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Privacy!ClearBrowsingHistoryOnExit
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Addons!FlashPlayerEnabled
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Addons!FlashPlayerEnabled
HKLM\Software\Policies\Microsoft\MicrosoftEdge\BrowserEmulation!MSCompatibilityMode
HKCU\Software\Policies\Microsoft\MicrosoftEdge\BrowserEmulation!MSCompatibilityMode
HKCU\Software\Policies\Microsoft\MMC!RestrictAuthorMode
HKCU\Software\Policies\Microsoft\MMC!RestrictToPermittedSnapins
HKCU\Software\Policies\Microsoft\MMC\{B708457E-DB61-4C55-A92F-0D4B5E9B1224}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C96401CF-0E17-11D3-885B-00C04F72C717}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C96401D1-0E17-11D3-885B-00C04F72C717}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1AA7F83C-C7F5-11D0-A376-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1F5EEC01-1214-4D94-80C5-4BDCD2014DDD}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3F276EB4-70EE-11D1-8A0F-00C04FB93753}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C2FE450B-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{9EC88934-C774-11d1-87F4-00C04FC2C17B}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{90087284-d6d6-11d0-8353-00a0c90640bf}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C2FE4502-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{634BDE40-E5E1-49A1-B2CD-140FFFC830F9}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{394C052E-B830-11D0-9A86-00C04FD8DBF7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{2E19B602-48EB-11d2-83CA-00104BCA42CF}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C2FE4508-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C2FE4500-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{90810502-38F1-11D1-9345-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{90810500-38F1-11D1-9345-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{90810504-38F1-11D1-9345-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{6E8E0081-19CD-11D1-AD91-00AA00B8E05A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{6d8880af-e518-43a8-986c-1ad21c4c976e}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C2FE4506-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{34AB8E82-C27E-11D1-A6C0-00C04FB94F17}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5880CD5C-8EC0-11d1-9570-0060B0576642}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{243E20B0-48ED-11D2-97DA-00A024D77700}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C2FE4504-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{DAB1A262-4FD7-11D1-842C-00C04FB6C218}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B1AFF7D0-0C49-11D1-BB12-00C04FC9A3A3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{BD95BA60-2E26-AAD1-AD99-00AA00B8E05A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{58221C69-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{03f1f940-a0f2-11d0-bb77-00aa00a1eab7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{7AF60DD3-4979-11D1-8A6C-00C04FC33566}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0F3621F1-23C6-11D1-AD97-00AA00B88E5A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{E12BBB5D-D59D-4E61-947A-301D25AE8C23}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{6DC3804B-7212-458D-ADB0-9A07E2AE1FA2}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}!Restrict_Run HKCU\Software\Policies\
HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}!Restrict_Run HKCU\Software\Policies\M
HKCU\Software\Policies\Microsoft\MMC\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{a1bc4ecb-66b2-44e8-9915-be02e84438ba}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3060E8CE-7020-11D2-842D-00C04FA372D4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{40B6664F-4972-11D1-A7CA-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{40B66650-4972-11D1-A7CA-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{942A8E4F-A261-11D1-A760-00C04FB9603F}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{06993B16-A5C7-47EB-B61C-B1CB7EE600AC}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{2DA6AA7F-8C88-4194-A558-0D36E7FD3E64}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B6F9C8AE-EF3A-41C8-A911-37370C331DD4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B6F9C8AF-EF3A-41C8-A911-37370C331DD4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{c40d66a0-e90c-46c6-aa3b-473e38c72bf2}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{d524927d-6c08-46bf-86af-391534d779d3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{40B66660-4972-11d1-A7CA-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{40B66661-4972-11d1-A7CA-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{fe883157-cebd-4570-b7a2-e4fe06abe626}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{7E45546F-6D52-4D10-B702-9C2E67232E62}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{D967F824-9968-11D0-B936-00C04FD8D5B0}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1C5DACFA-16BA-11D2-81D0-0000F87A7AA3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{de751566-4cc6-11d1-8ca0-00c04fc297eb}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{A994E107-6854-4F3D-917C-E6F01670F6D3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{74246bfc-4c96-11d0-abef-0020af6b0b7a}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{677A2D94-28D9-11D1-A95B-008048918FB1}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{43668E21-2636-11D1-A1CE-0080C88593A5}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{D2779945-405B-4ACE-8618-508F3E3054AC}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{FF5903A8-78D6-11D1-92F6-006097B01056}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{89cc9588-7628-4d29-8e4a-6550d0087059}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{8F8F8DC0-5713-11D1-9551-0060B0576642}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{95AD72F0-44CE-11D0-AE29-00AA004B9986}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{DEA8AFA2-CC85-11d0-9CE2-0080C7221EBD}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{57C596D0-9370-40C0-BA0D-AB491B63255D}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{a1bc4eca-66b2-44e8-9915-be02e84438ba}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{18BA7139-D98B-43c2-94DA-2604E34E175D}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{6630f2d7-bd52-4072-bfa7-863f3d0c5da0}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3D5D035E-7721-4B83-A645-6C07A3D403B7}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{3CB6973D-3E6F-11D0-95DB-00A024D77700}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{011BE22D-E453-11D1-945A-00C04FB984F9}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{18ea3f92-d6aa-41d9-a205-2023400c8fbb}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{58221C65-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{45ac8c63-23e2-11d1-a696-00c04fd58bc3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{B91B6008-32D2-11D2-9888-00A0C925F917}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{23DC5869-BD9F-46fd-AADD-1F869BA64FC3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{5C659257-E236-11D2-8899-00104B2AFB46}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{9FE24B92-C23D-451c-8045-73038D99E620}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{C11D2F3B-E2F4-4e5b-824B-84A87AB0F666}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{317cdc35-c09e-486f-ab09-90dd2e3fdd7d}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{317cdc37-c09e-486f-ab09-90dd2e3fdd7d}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{dbfca500-8c31-11d0-aa2c-00a0c92749a3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{813C1B01-6624-4922-9C6C-03C315646584}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{f9f63d92-6225-410b-bb02-26239b8f1f59}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{671ee405-c969-4af9-ad1b-65e96b3b9a10}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{f78fbadd-c21a-4e0a-b53d-c879a9c8f002}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{f8abd46c-1297-4474-9cdf-831ebb245f49}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\FX:{f8abd46e-1297-4474-9cdf-831ebb245f49}!Restrict_Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter!NoMobilityCenter
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter!NoMobilityCenter
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings!NoPresentationSettings
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings!NoPresentationSettings
HKLM\Software\Policies\Microsoft\MicrosoftAccount!DisableUserAuth
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Activation Boundary
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Randomized HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!WakeUp
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsEnabled HK
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!DisableQueryRemoteServer
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!ScenarioExecutionEnabled H
HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownBrowse
HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownMedia
HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownPatch
HKCU\Software\Policies\Microsoft\Windows\Installer!AlwaysInstallElevated
HKLM\Software\Policies\Microsoft\Windows\Installer!AlwaysInstallElevated
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableAutomaticApplicationShutdown
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableBrowse
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableFlyweightPatching
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableLoggingFromPackage
HKCU\Software\Policies\Microsoft\Windows\Installer!DisableMedia
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableMSI
HKLM\Software\Policies\Microsoft\Windows\Installer!DisablePatch
HKCU\Software\Policies\Microsoft\Windows\Installer!DisableRollback
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableRollback
HKLM\Software\Policies\Microsoft\Windows\Installer!EnableUserControl
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableLUAPatching
HKLM\Software\Policies\Microsoft\Windows\Installer!DisablePatchUninstall
HKLM\Software\Policies\Microsoft\Windows\Installer!LimitSystemRestoreCheckpointing
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableUserInstalls
HKLM\Software\Policies\Microsoft\Windows\Installer!EnforceUpgradeComponentRules
HKLM\Software\Policies\Microsoft\Windows\Installer!MaxPatchCacheSize
HKLM\Software\Policies\Microsoft\Windows\Installer!Logging
HKLM\Software\Policies\Microsoft\Windows\Installer!SafeForScripting
HKCU\Software\Policies\Microsoft\Windows\Installer!SearchOrder
HKLM\Software\Policies\Microsoft\Windows\Installer!TransformsSecure
HKLM\Software\Policies\Microsoft\Windows\Installer!DisableSharedComponent
HKLM\Software\Policies\Microsoft\Windows\Installer!MsiDisableEmbeddedUI
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!SupportEmail
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!FriendlyName
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!ShowUI
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!NamePreferenceAllowed
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!PassiveMode
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes!Probe
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs!DTE
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\CustomCommands!CustomCommand
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!WebProbeUrl
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DnsProbeHost
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DnsProbeContent
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!SitePrefixes
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DomainLocationDet
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!DisablePassivePolling
HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!UseGlobalDns
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AvoidPdcOnWan
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryInitialPeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryMaximumPeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryQuitTime
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundSuccessfulRefreshPeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!dbFlag
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ExpectedDialupDelay
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!MaximumLogFileSize
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NegativeCachePeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowExclusiveScriptsShareAccess
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NonBackgroundSuccessfulRefreshPeriod
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ScavengeInterval
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!SiteName
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowExclusiveSysvolShareAccess
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowSingleLabelDnsDomain
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowDnsSuffixSearch
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AutoSiteCoverage
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsAvoidRegisterRecords
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsRefreshInterval
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsTtl
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!GcSiteCoverage
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!LdapSrvPriority
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!LdapSrvWeight
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NdncSiteCoverage
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!SiteCoverage
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!UseDynamicDns
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!TryNextClosestSite
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ForceRediscoveryInterval
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AddressTypeReturned
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowNT4Crypto
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!IgnoreIncomingMailslotMessages
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AvoidFallbackNetbiosDiscovery
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AddressLookupOnPingBehavior
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!PingUrgencyMode
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AddRemoveComponents
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AdvancedSettings
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowAdvancedTCPIPConfig
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowNetBridge_NLA
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_ChangeBindState
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DeleteAllUserConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DeleteConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DialupPrefs
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_EnableAdminProhibits
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_IpStateChecking
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanChangeProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanConnect
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_NewConnectionWizard
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_PersonalFirewallConfig
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasAllUserProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasChangeProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasConnect
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasMyProperties
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameAllUserRasConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameLanConnection
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameMyRasConnection
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_ShowSharedAccessUI
HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_Statistics
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_StdDomainUserSetLocation
HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_DoNotShowLocalOnlyIcon
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Force_Tunneling
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainProxies
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainLocalProxies
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainSubnets
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DProxiesAuthoritive
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DSubnetsAuthoritive
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!CloudResources
HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!NeutralResources
HKLM\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths
HKLM\Software\Policies\Microsoft\Windows\NetCache!AlwaysPinSubFolders
HKCU\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders
HKLM\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders
HKCU\Software\Policies\Microsoft\Windows\NetCache\CustomGoOfflineActions
HKLM\Software\Policies\Microsoft\Windows\NetCache\CustomGoOfflineActions
HKLM\Software\Policies\Microsoft\Windows\NetCache!DefCacheSize
HKLM\Software\Policies\Microsoft\Windows\NetCache!Enabled
HKLM\Software\Policies\Microsoft\Windows\NetCache!EncryptCache
HKCU\Software\Policies\Microsoft\Windows\NetCache!EventLoggingLevel
HKLM\Software\Policies\Microsoft\Windows\NetCache!EventLoggingLevel
HKLM\Software\Policies\Microsoft\Windows\NetCache!ExcludeExtensions
HKCU\Software\Policies\Microsoft\Windows\NetCache!GoOfflineAction
HKLM\Software\Policies\Microsoft\Windows\NetCache!GoOfflineAction
HKCU\Software\Policies\Microsoft\Windows\NetCache!NoCacheViewer
HKLM\Software\Policies\Microsoft\Windows\NetCache!NoCacheViewer
HKCU\Software\Policies\Microsoft\Windows\NetCache!NoConfigCache
HKLM\Software\Policies\Microsoft\Windows\NetCache!NoConfigCache
HKCU\Software\Policies\Microsoft\Windows\NetCache!NoMakeAvailableOffline
HKLM\Software\Policies\Microsoft\Windows\NetCache!NoMakeAvailableOffline
HKCU\Software\Policies\Microsoft\Windows\NetCache\NoMakeAvailableOfflineList
HKLM\Software\Policies\Microsoft\Windows\NetCache\NoMakeAvailableOfflineList
HKCU\Software\Policies\Microsoft\Windows\NetCache!NoReminders
HKLM\Software\Policies\Microsoft\Windows\NetCache!NoReminders
HKLM\Software\Policies\Microsoft\Windows\NetCache!PurgeAtLogoff HKLM\Software\Policies\Microsoft\Windows\NetCache
HKCU\Software\Policies\Microsoft\Windows\NetCache!ReminderFreqMinutes
HKLM\Software\Policies\Microsoft\Windows\NetCache!ReminderFreqMinutes
HKCU\Software\Policies\Microsoft\Windows\NetCache!InitialBalloonTimeoutSeconds
HKLM\Software\Policies\Microsoft\Windows\NetCache!InitialBalloonTimeoutSeconds
HKCU\Software\Policies\Microsoft\Windows\NetCache!ReminderBalloonTimeoutSeconds
HKLM\Software\Policies\Microsoft\Windows\NetCache!ReminderBalloonTimeoutSeconds
HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkSpeed
HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogoff
HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogoff
HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogon
HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogon
HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtSuspend
HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtSuspend
HKLM\Software\Policies\Microsoft\Windows\NetCache!EconomicalAdminPinning
HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkEnabled HKLM\Software\Policies\Microsoft\Windows\NetCa
HKLM\Software\Policies\Microsoft\Windows\NetCache!CacheQuotaLimit HKLM\Software\Policies\Microsoft\Windows\NetCa
HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabled HKLM\Software\Policies\Microsoft\Windows
HKLM\Software\Policies\Microsoft\Windows\NetCache!OnlineCachingLatencyThreshold
HKLM\Software\Policies\Microsoft\Windows\NetCache!ExcludedFileTypes
HKCU\Software\Policies\Microsoft\Windows\NetCache!WorkOfflineDisabled
HKLM\Software\Policies\Microsoft\Windows\NetCache!WorkOfflineDisabled
HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncEnabledForCostedNetwork
HKLM\Software\Policies\Microsoft\Windows\System!EnableActivityFeed
HKLM\Software\Policies\Microsoft\Windows\System!PublishUserActivities
HKLM\Software\policies\Microsoft\Peernet!Disabled
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DisableMulticastBootstrap
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!Disabled
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SearchOnly
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer HKLM\Software\policies\Microsoft\Peernet\Pnrp\IP
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!DisableMulticastBootstrap
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!Disabled
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SearchOnly
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SeedServer
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!DisableMulticastBootstrap
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!Disabled
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SearchOnly
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SeedServer
HKLM\Software\policies\Microsoft\Peernet!IgnoreDomainPasswordPolicyForNewGroups
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork!Enabled
HKCU\SOFTWARE\Policies\Microsoft\PassportForWork!Enabled
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork!RequireSecurityDevice HKLM\SOFTWARE\Policies\Microsoft\PassportF
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinBio\Credential Provider!Domain Accounts
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork!EnablePinRecovery
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\Remote!Enabled
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!MinimumPINLength
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!MaximumPINLength
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!UppercaseLetters
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!LowercaseLetters
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!SpecialCharacters
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!Digits
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!History
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\PINComplexity!Expiration
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork!UseCertificateForOnPremAuth
HKCU\SOFTWARE\Policies\Microsoft\PassportForWork!UseCertificateForOnPremAuth
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\DeviceUnlock!GroupA HKLM\SOFTWARE\Policies\Microsoft\PassportF
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork\DynamicLock!DynamicLock HKLM\SOFTWARE\Policies\Microsoft\Pass
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork!DisableSmartCardNode
HKLM\SOFTWARE\Policies\Microsoft\PassportForWork!AllowAllUserAccessToSmartCardNode
HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePcaUI
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!ScenarioExecutionEnabled HK
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!ScenarioExecutionEnable
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!ScenarioExecutionEnable
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!ScenarioExecutionEnabled HKLM
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Service!Enable
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Republication!SizePercent
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Connection!Location
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching!Enable
HKLM\Software\Policies\Microsoft\Windows\NetCache!PeerCachingLatencyThreshold
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Discovery!SCPDiscoveryEnabled
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Service\Versioning!PreferredContentInformationVersion
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\MultipleServers
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Retrieval!SegmentTTL
HKCU\SOFTWARE\Policies\Microsoft\PenTraining!DisablePenTraining
HKLM\SOFTWARE\Policies\Microsoft\PenTraining!DisablePenTraining
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!ScenarioExecutionEnabled HKL
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!ScenarioExecutionEnabled H
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!ScenarioExecutionEnable
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled H
HKLM\Software\Policies\Microsoft\Power\PowerSettings\637EA02F-BBCB-4015-8E2C-A1C7B9C0B546!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\9A66D8D7-4FF7-4EF9-B5A2-5A326CA2A469!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\8183ba9a-e910-48da-8769-14ae6dc1170a!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\bcded951-187b-4d05-bccc-f7e51960c258!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\A7066653-8D6C-40A8-910E-A1F54B84C7E5!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\A7066653-8D6C-40A8-910E-A1F54B84C7E5!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings!ActivePowerScheme
HKLM\Software\Policies\Microsoft\Power\PowerSettings!ActivePowerScheme
HKCU\Software\Policies\Microsoft\Windows\System\Power!PromptPasswordOnResume
HKLM\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab!DCSettingIndex
HKLM\Software\Policies\Microsoft\Windows NT!DontPowerOffAfterShutdown
HKLM\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\F3C5027D-CD16-4930-AA6B-90DB844A8F00!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\E69653CA-CF7F-4F05-AA73-CB833FA90AD4!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\E69653CA-CF7F-4F05-AA73-CB833FA90AD4!DCSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9!ACSettingIndex
HKLM\Software\Policies\Microsoft\Power\PowerSettings\f15576e8-98b7-4186-b944-eafa664402d9!DCSettingIndex
HKLM\System\CurrentControlSet\Control\Power\PowerThrottling!PowerThrottlingOff
HKLM\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts HKLM\Software\Policies\Microsoft\Windows\PowerSh
HKCU\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts HKCU\Software\Policies\Microsoft\Windows\PowerSh
HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging HKLM\Software\Policies\Mic
HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging HKCU\Software\Policies\Micr
HKLM\Software\Policies\Microsoft\Windows\PowerShell\Transcription!EnableTranscripting HKLM\Software\Policies\Microsoft
HKCU\Software\Policies\Microsoft\Windows\PowerShell\Transcription!EnableTranscripting HKCU\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging!EnableScriptBlockLogging HKLM\Software\Polici
HKCU\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging!EnableScriptBlockLogging HKCU\Software\Policie
HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath HKLM\Softwar
HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath HKCU\Software
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableBackupRestore
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableBackupRestore
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableLocalPage
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableLocalPage
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableLocalRestore
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableLocalRestore
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableRemotePage
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableRemotePage
HKCU\Software\Policies\Microsoft\PreviousVersions!DisableRemoteRestore
HKLM\Software\Policies\Microsoft\PreviousVersions!DisableRemoteRestore
HKCU\Software\Policies\Microsoft\PreviousVersions!HideBackupEntries
HKLM\Software\Policies\Microsoft\PreviousVersions!HideBackupEntries
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPrinting
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ApplicationDriverIsolation
HKLM\Software\Policies\Microsoft\Windows NT\Printers!SupportLink
HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainDisplayPrinters_State HKLM\Software\Policies\Micro
HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Downlevel Browse
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ForceCSREMFDespooling
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ForceSoftwareRasterization
HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Printers Page URL
HKLM\Software\Policies\Microsoft\Windows NT\Printers!KMPrintersAreBlocked
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAddPrinter
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDeletePrinter
HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainDisplayPrinters_State HKLM\Software\Policies\M
HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintOnly
HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList HKCU\Softwa
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintOnly
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList HKLM\Softw
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PhysicalLocation
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PhysicalLocationSupport
HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted HKCU\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted HKLM\Software\Policies\Microsoft\Window
HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Default Search Scope
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ServerThread
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PrintDriverIsolationExecutionPolicy
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PrintDriverIsolationOverrideCompat
HKLM\Software\Policies\Microsoft\Windows NT\Printers!DoNotInstallCompatibleDriverFromWindowsUpdate
HKLM\Software\Policies\Microsoft\Windows NT\Printers!V4DriverDisallowPrinterExtension
HKLM\Software\Policies\Microsoft\Windows NT\Printers!MXDWUseLegacyOutputFormatMSXPS
HKLM\Software\Policies\Microsoft\Windows NT\Printers!ShowJobTitleInEventLogs
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows!LegacyDefaultPrinterMode
HKLM\Software\Policies\Microsoft\Windows NT\Printers!RegisterSpoolerRemoteRpcEndPoint
HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Auto Publishing
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruneDownlevel
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningInterval
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningPriority
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningRetries
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningRetryLog
HKLM\Software\Policies\Microsoft\Windows NT\Printers!PublishPrinters
HKLM\Software\Policies\Microsoft\Windows NT\Printers!VerifyPublishedState
HKLM\Software\Policies\Microsoft\Windows NT\Printers!Immortal
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoProgramsCPL
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoProgramsAndFeatures
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoInstalledUpdates
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoDefaultPrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoWindowsMarketplace
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoGetPrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoWindowsFeatures
HKLM\Software\Policies\Microsoft\PushToInstall!DisablePushToInstall
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeBestEffort
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeControlledLoad
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeGuaranteed
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeNetworkControl
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeQualitative
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeBestEffort
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeControlledLoad
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeGuaranteed
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeNetworkControl
HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeQualitative
HKLM\Software\Policies\Microsoft\Windows\Psched!MaxOutstandingSends
HKLM\Software\Policies\Microsoft\Windows\Psched!NonBestEffortLimit
HKLM\Software\Policies\Microsoft\Windows\Psched!TimerResolution
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeBestEffort
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeControlledLoad
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeGuaranteed
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeNetworkControl
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeNonConforming
HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeQualitative
HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI!WMIEnable
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!ScenarioExecutionEnabled HK
HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE!DisableSetup
HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampEnabled HKLM\Software\Policies\Microsoft\Windows N
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeShutdownErrs
HKLM\Software\Policies\Microsoft\Windows NT\Reliability!SnapShot
HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonOn HKLM\Software\Policies\Microsoft\Windows
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!LoggingEnabled
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!CreateEncryptedOnlyTickets
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseBandwidthOptimization HKLM\Software\policies\Micro
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseCustomMessages HKLM\Software\policies\Microsoft\W
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowToGetHelp HKLM\Software\policies\Microsoft\Wind
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicited HKLM\Software\policies\Microsoft\Wind
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state HKCU\Software\Policies\
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state HKLM\Software\Policies
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Rea
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Rea
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Wri
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Wr
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Exe
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read HKCU\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read HKLM\Software\Poli
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write HKCU\Software\Pol
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write HKLM\Software\Po
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Rea
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Rea
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Wri
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Wr
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Exe
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Rea
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Rea
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Wri
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Wr
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Exe
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Rea
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Rea
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Wri
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Wr
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Exe
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_R
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_R
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_W
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_W
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!AllowRemoteDASD
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!EnableAuthEpResolution
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!ExtErrorInformation HKLM\Software\Policies\Microsoft\Windows NT\Rp
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!IgnoreDelegationFailure
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!MinimumConnectionTimeout
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!RestrictRemoteClients
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!StateInformation
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!MaxGPOScriptWait
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLegacyLogonScripts
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLogoffScripts
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunLogonScriptSync
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunLogonScriptSync
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLogonScripts
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunComputerPSScriptsFirst
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunUserPSScriptsFirst
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunUserPSScriptsFirst
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideShutdownScripts
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunStartupScriptSync
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideStartupScripts
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!Allow-LogonScript-NetbiosDisabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics!ValidateTrust
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics!EnableDiagnostics
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!EnableQueryRemoteServer
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecution HKLM\SOFTWARE\Policies\Microsoft
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!HideUNCTab
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search!HideUNCTab
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowIndexingEncryptedStoresOrItems
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableBackoff
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventRemoteQueries
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexOnBattery
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventModifyingIndexedLocations
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventModifyingIndexedLocations
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowUsingDiacritics
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AlwaysUseAutoLangDetection
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableRemovableDriveIndexing
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchUseWeb
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchUseWebOverMeteredConnections
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchPrivacy HKLM\SOFTWARE\Policies\Microso
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchSafeSearch HKLM\SOFTWARE\Policies\Mic
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AutoIndexSharedFolders
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!FavoriteLocations
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventUsingAdvancedIndexingOptions
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingOfflineFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingUncachedExchangeFolders
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableIndexingDelegateMailboxes
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxes HKLM\SOFTWARE\Policies
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingOutlook
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingEmailAttachments
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!RichAttachmentPreviews
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingPublicFolders
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DataDirectory
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PrimaryIntranetSearchScopeUrl
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!SecondaryIntranetSearchScopeUrl
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreviewPaneLocation
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!SearchResultIconSize
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingLowDiskSpaceMB
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventUnwantedAddins
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableWebSearch
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingCertainPaths
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingCertainPaths
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline0 HKLM\SOFTWARE\Policies\Mi
HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer!DisableSearchHistory
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowCortana
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowCortanaAboveLock
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowSearchToUseLocation
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowCloudSearch HKLM\SOFTWARE\Policies\Microsoft\Win
HKLM\Software\Policies\Microsoft\Windows NT\Security Center!SecurityCenterInDomain
HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors
HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors
HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation
HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation
HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting
HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting
HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!DoNotOpenAtLogon
HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshIntervalEnabled HKLM\Software\Policies\Microso
HKLM\Software\Policies\Microsoft\Windows\Server\InitialConfigurationTasks!DoNotOpenAtLogon
HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\MYS!DisableShowAtLogon
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing!LocalSourcePath HKLM\Software\Microsoft\Windows\
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSync HKLM\Software\Policies\Microsoft\Windows\Se
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync HKLM\Software\Policies\Microso
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSync HKLM\Software\Policies\Microsoft\Win
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync HKLM\Software\Policies\Microsoft\Win
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync HKLM\Software\Policies\Microso
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync HKLM\Software\Policies\Microsoft\
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSyncOnPaidNetwork
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSync HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows NT\Setup!ServicePackSourcePath
HKLM\Software\Policies\Microsoft\Windows NT\Setup!SourcePath
HKLM\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing
HKCU\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing
HKCU\Software\Policies\Microsoft\Windows NT\SharedFolders!PublishDfsRoots
HKCU\Software\Policies\Microsoft\Windows NT\SharedFolders!PublishSharedFolders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInplaceSharing
HKLM\Software\Policies\Microsoft\Windows\HomeGroup!DisableHomeGroup
HKCU\Software\Policies\Microsoft\Windows\System!DisableCMD
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableRegistryTools
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictRun HKCU\Software\Microsoft\Windows\Curren
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun HKCU\Software\Microsoft\Windows\Curre
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictWelcomeCenter
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffSidebar
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffSidebar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUnsignedGadgets
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUnsignedGadgets
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUserInstalledGadgets
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUserInstalledGadgets
HKLM\Software\Policies\Microsoft\Windows\OneDrive!DisableFileSyncNGSC
HKLM\SOFTWARE\Microsoft\OneDrive!PreventNetworkTrafficPreUserSignIn
HKLM\Software\Policies\Microsoft\Windows\OneDrive!DisableFileSync
HKLM\Software\Policies\Microsoft\Windows\OneDrive!DisableMeteredNetworkFileSync
HKLM\Software\Policies\Microsoft\Windows\OneDrive!DisableLibrariesDefaultSaveToOneDrive
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowCertificatesWithNoEKU
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowIntegratedUnblock
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!FilterDuplicateCerts
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!ForceReadingAllCertificates
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowSignatureOnlyKeys
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowTimeInvalidCertificates
HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!CertPropEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!RootCertificateCleanupOption
HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!EnableRootCertificatePropagation
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!IntegratedUnblockPromptString
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!ReverseSubject
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!DisallowPlaintextPin
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!X509HintsNeeded
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScPnP!EnableScPnP
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScPnP!ScPnPNotification
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!EnumerateECCCerts
HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen HKLM\Software\Policies\Microsoft\Windows\System
HKLM\Software\Policies\Microsoft\Windows Defender\SmartScreen!ConfigureAppInstallControl
HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!EnabledV9
HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!EnabledV9
HKLM\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!PreventOverride
HKCU\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter!PreventOverride
HKLM\Software\Policies\SNMP\Parameters\ValidCommunities
HKLM\Software\Policies\SNMP\Parameters\PermittedManagers
HKLM\Software\Policies\SNMP\Parameters\TrapConfiguration\public
HKCU\SOFTWARE\Policies\Microsoft\SoundRecorder!Soundrec
HKLM\SOFTWARE\Policies\Microsoft\SoundRecorder!Soundrec
HKLM\Software\Policies\Microsoft\Speech!AllowSpeechModelUpdate
HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!EnableManualUX
HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!CentralClassificationList
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!Enabled HKLM\SOFTWARE\Policies\Microsoft\Windows\A
HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer!EnableShellExecuteFileStreamCheck
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentProgForNewUserInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMyGames
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchComputerLinkInStartMenu
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSearchEverywhereLinkInStartMenu
HKCU\Software\Policies\Microsoft\Windows\Explorer!AddSearchInternetLinkInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchFilesInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchInternetInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchProgramsInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchCommInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoUserFolderInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceRunOnStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!QuickLaunchEnabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentDocsOnExit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceStartMenuLogOff
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!GreyMSIAds
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Intellimenus
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!LockTaskbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!MemCheckBoxInRunDlg
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutoTrayNotify
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMBalloonTip
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeStartMenu
HKCU\Software\Policies\Microsoft\Windows\Explorer!ClearTilesOnExit
HKLM\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled HKLM\Software\Policies\Microsoft\Window
HKCU\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled HKCU\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout HKLM\Software\Policies\Microsoft\Windows\Explor
HKCU\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout HKCU\Software\Policies\Microsoft\Windows\Explore
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoClose
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HidePowerOptions
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCommonGroups
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFavoritesMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFind
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMFUprogramsList
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMHelp
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInstrumentation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMorePrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetworkConnections
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuPinnedList
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsHistory
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoResolveSearch
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoResolveTrack
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSetFolders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSetTaskbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMConfigurePrograms
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMMyDocs
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMyMusic
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuNetworkPlaces
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMMyPictures
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuSubFolders
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSimpleStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideClock
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTaskGrouping
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarsOnTaskbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTrayContextMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTrayItemsDisplay
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoUserNameInStartMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWindowsUpdate
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuEjectPC
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!StartMenuLogOff
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuHomegroup
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuDownloads
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuRecordedTV
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuVideos
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoUninstallFromStart
HKCU\Software\Policies\Microsoft\Windows\Explorer!PowerButtonAction
HKCU\Software\Policies\Microsoft\Windows\Explorer!ShowRunAsDifferentUserInStart
HKCU\Software\Policies\Microsoft\Windows\Explorer!GoToDesktopOnSignIn
HKCU\Software\Policies\Microsoft\Windows\Explorer!ShowAppsViewOnStart
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableGlobalSearchOnAppsView
HKCU\Software\Policies\Microsoft\Windows\Explorer!DesktopAppsFirstInAppsView
HKCU\Software\Policies\Microsoft\Windows\Explorer!ShowStartOnDisplayWithForegroundOnWinKey
HKCU\Software\Policies\Microsoft\Windows\Explorer!ForceStartSize
HKCU\Software\Policies\Microsoft\Windows\Explorer!HidePeopleBar
HKLM\Software\Policies\Microsoft\Windows\StorageHealth!AllowDiskHealthModelUpdates
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore!DisableConfig
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore!DisableSR
HKCU\software\policies\microsoft\TabletTip\1.7!DisableACIntegration
HKLM\software\policies\microsoft\TabletTip\1.7!DisableACIntegration
HKCU\software\policies\microsoft\TabletTip\1.7!DisableEdgeTarget
HKLM\software\policies\microsoft\TabletTip\1.7!DisableEdgeTarget
HKCU\software\policies\microsoft\TabletTip\1.7!HideIPTIPTarget
HKLM\software\policies\microsoft\TabletTip\1.7!HideIPTIPTarget
HKCU\software\policies\microsoft\TabletTip\1.7!HideIPTIPTouchTarget
HKLM\software\policies\microsoft\TabletTip\1.7!HideIPTIPTouchTarget
HKCU\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState HKCU\software\policies\microsoft\TabletTip\1.7!Pass
HKLM\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState HKLM\software\policies\microsoft\TabletTip\1.7!Pass
HKCU\software\policies\microsoft\TabletTip\1.7!IncludeRareChar
HKLM\software\policies\microsoft\TabletTip\1.7!IncludeRareChar
HKCU\software\policies\microsoft\TabletTip\1.7!ScratchOutState HKCU\software\policies\microsoft\TabletTip\1.7!ScratchOut
HKLM\software\policies\microsoft\TabletTip\1.7!ScratchOutState HKLM\software\policies\microsoft\TabletTip\1.7!ScratchOu
HKCU\software\policies\microsoft\TabletTip\1.7!DisablePrediction
HKLM\software\policies\microsoft\TabletTip\1.7!DisablePrediction
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableInkball
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableInkball
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableJournal
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableJournal
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableNoteWriterPrinting
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableNoteWriterPrinting
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPenFeedback
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPenFeedback
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonBackEscapeMapping
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonBackEscapeMapping
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonApplicationLaunch
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonApplicationLaunch
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonPressAndHold
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonPressAndHold
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffButtons
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffButtons
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicksLearningMode
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicksLearningMode
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicks
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicks
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAPower
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCANetwork
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAVolume
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAHealth
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarLockAll
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoAddRemoveToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoDragToolbar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoNotification
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoRedock
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoResize
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoThumbnail
HKCU\Software\Policies\Microsoft\Windows\Explorer!TaskbarNoPinnedList
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSystraySystemPromotion
HKCU\Software\Policies\Microsoft\Windows\Explorer!EnableLegacyBalloonNotifications
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoBalloonFeatureAdvertisements
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoRemoteDestinations
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningToTaskbar
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningToDestinations
HKCU\Software\Policies\Microsoft\Windows\Explorer!TaskbarNoMultimon
HKCU\Software\Policies\Microsoft\Windows\Explorer!ShowWindowsStoreAppsOnTaskbar
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableNotificationCenter
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningStoreToTaskbar
HKCU\Software\Policies\Microsoft\Windows\Settings!AllowConfigureTaskbarCalendar HKCU\Software\Policies\Microsoft\Win
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Allow Browse
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Allow Browse
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Disable Advanced
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Disable Advanced
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!DragAndDrop
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!DragAndDrop
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Execution
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Execution
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Property Pages
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Property Pages
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Creation
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Creation
HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Deletion
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Deletion
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!ISATAP_State
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!ISATAP_RouterName
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_State
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_RouterName
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_RouterNameResolutionInterval
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_State
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_ServerName
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_RefreshRate
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_ClientPort
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_DefaultQualified
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState HKLM\Softw
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters!EnableWsd
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters!EnableIPAutoConfigurationLimits
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableTimeZoneRedirection
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableClip
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoRemoteDesktopWallpaper
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fTurnOffSingleAppMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowUnlistedRemotePrograms
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowDesktopCompositionOnServer
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ParticipateInLoadBalancing
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RedirectOnlyDefaultClientPrinter
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RedirectOnlyDefaultClientPrinter
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RemoteAppLogoffTimeLimit
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RemoteAppLogoffTimeLimit
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoFontSmoothing
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!VIPAdapter
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!PromptOnIPLeaseFail
HKLM\SOFTWARE\Policies\Microsoft\Windows\Session Manager\Quota System!EnableCpuQuota
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\TSMSI!Enable
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!EnableVirtualIP HKLM\SOFTWARE\P
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DisablePasswordSaving
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DisablePasswordSaving
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MinEncryptionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPromptForPassword
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SecurityLayer
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UserAuthentication
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!CertTemplateName
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitLogonMethod HKCU\SOFTWARE\Policies\M
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseProxy HKCU\SOFTWARE\Policies\Microsoft\Windows
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitProxyName HKCU\SOFTWARE\Policies\Micr
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableAutoReconnect
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ColorDepth
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxMonitors
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDenyTSConnections
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxXResolution HKLM\SOFTWARE\Policies\Microsoft\W
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoRemoteDesktopWallpaper
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableForcibleLogoff
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveEnable HKLM\SOFTWARE\Policies\Microsoft\W
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LicenseServers
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableTerminalServerTooltip
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LicensingMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxInstanceCount
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDisconnect
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNTSecurity
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\AllUserInstallAgent!LogonWaitForPackageRegistration
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!Shadow
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!Shadow
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fSingleSessionPerUser
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fInheritInitialProgram HKCU\SOFTWARE\Policies\Microso
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram HKLM\SOFTWARE\Policies\Microsoft\Win
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fWritableTSCCPermTab
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fTurnOffSingleAppMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirUNC HKLM\SOFTWARE\Policies\Microsoft\W
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFProfilePath
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFDontAppendUserNameToProfile
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteRoamingUserProfile HKLM\SOFTWARE\Policies\M
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!fSecureLicensing
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!fPreventLicenseUpgrade
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCam
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowedAudioQualityMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableAudioCapture
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableClip
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCcm
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fForceClientLptDef
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseUniversalPrinterDriverFirst
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseUniversalPrinterDriverFirst
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableLPT
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisablePNPRedir
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCpm
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPolicyFallbackPrintDriver HKLM\SOFTWARE\Policies\Mi
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableSmartCard
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableTimeZoneRedirection
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEncryptRPCTraffic
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryActive
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryClusterName
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryExposeServerIP
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryLocation
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fResetBroken
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fResetBroken
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxConnectionTime
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxConnectionTime
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteTempDirsOnExit
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PerSessionTempDir
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowUnsignedFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowUnsignedFiles
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowSignedFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowSignedFiles
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!TrustedCertThumbprints
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!TrustedCertThumbprints
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PromptForCredsOnClient
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AuthenticationLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ImageQuality
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!GraphicsProfile
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxCompressionLevel
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableRemoteFXAdvancedRemoteApp
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AVCHardwareEncodePreferred
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AVC444ModePreferred
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client!EnableHardwareMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!VisualExperiencePolicy
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client!fUsbRedirectionEnableMode
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableVirtualizedGraphics
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CaptureFrameRate HKLM\Software\Polic
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableVirtualizedGraphics
HKCU\SOFTWARE\Policies\Microsoft\Workspaces!DefaultConnectionURL
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectNetworkDetect
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectTransport
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client!fClientDisableUDP
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!bEnumerateHWBeforeSW
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableThumbnails
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableThumbnailsOnNetworkFolders
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableThumbsDBOnNetworkFolders
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffTouchInput
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffTouchInput
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPanning
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPanning
HKLM\Software\Policies\Microsoft\TPM!OSManagedAuthLevel
HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands!Enabled HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCom
HKLM\Software\Policies\Microsoft\TPM\BlockedCommands!IgnoreDefaultList
HKLM\Software\Policies\Microsoft\TPM\BlockedCommands!IgnoreLocalList
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration HKLM\Software\Policies\Microsoft\Tpm!S
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold HKLM\Software\Policies\Micro
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold HKLM\Software\Policies\Microsoft\
HKLM\Software\Policies\Microsoft\TPM!UseLegacyDictionaryAttackParameters
HKLM\Software\Policies\Microsoft\DeviceHealthAttestationService!EnableDeviceHealthAttestationService
HKLM\Software\Policies\Microsoft\TPM!ClearTPMIfNotReadyGP
HKLM\Software\Policies\Microsoft\UEV\Agent!Enabled HKLM\Software\Policies\Microsoft\UEV\Agent!RegisterInboxTemplate
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncTimeoutInMilliseconds
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncTimeoutInMilliseconds
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SettingsStoragePath
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!SettingsStoragePath
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!MaxPackageSizeInBytes
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!MaxPackageSizeInBytes
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SettingsTemplateCatalogPath HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Common
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Common
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Version8
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Version8
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Version9
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Version9
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Version10
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Version10
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Version11
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftInternetExplorer.Version11
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftCalculator6
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftCalculator6
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftNotepad6
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftNotepad6
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftWordpad6
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftWordpad6
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Common HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Common HKCU\Softwar
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Access HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Access HKCU\Software\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Excel HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Excel HKCU\Software\P
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2016Win32 HKLM\Software\Policies\
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2016Win32 HKCU\Software\Policies\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.UploadCenter HKLM\So
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.UploadCenter HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.OneDrive HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.OneDrive HKCU\Softwa
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.OneNote HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.OneNote HKCU\Softwar
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Outlook HKLM\Softwar
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Outlook HKCU\Software
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.PowerPoint HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.PowerPoint HKCU\Softw
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Project HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Project HKCU\Software\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Publisher HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Publisher HKCU\Softwa
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Visio HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Visio HKCU\Software\Po
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Word HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Win32.Word HKCU\Software\P
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Common HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Common HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Access HKLM\So
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Access HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Excel HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Excel HKCU\Soft
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2016BackupWin32 HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2016BackupWin32 HKCU\Software\P
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.OneNote HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.OneNote HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Outlook HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Outlook HKCU\S
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.PowerPoint HKL
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.PowerPoint HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Project HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Project HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Publisher HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Publisher HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Visio HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Visio HKCU\Softw
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Word HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016BackupWin32.Word HKCU\Soft
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Common HKL
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Common HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Access HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Access HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Excel HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Excel HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2016Office365Win32 HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2016Office365Win32 HKCU\Software
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.OneNote HKL
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.OneNote HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Outlook HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Outlook HKCU
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.PowerPoint H
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.PowerPoint H
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Project HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Project HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Publisher HKL
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Publisher HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Visio HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Visio HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Word HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2016Office365Win32.Word HKCU\S
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Common HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Common HKCU\Softwar
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Access HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Access HKCU\Software\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Excel HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Excel HKCU\Software\P
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.InfoPath HKLM\Softwar
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.InfoPath HKCU\Softwar
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2013Win32 HKLM\Software\Policies\
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2013Win32 HKCU\Software\Policies\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.UploadCenter HKLM\So
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.UploadCenter HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.OneDrive HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.OneDrive HKCU\Softwa
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.OneNote HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.OneNote HKCU\Softwar
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Outlook HKLM\Softwar
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Outlook HKCU\Software
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.PowerPoint HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.PowerPoint HKCU\Softw
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Project HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Project HKCU\Software\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Publisher HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Publisher HKCU\Softwa
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.SharePointDesigner HK
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.SharePointDesigner HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Visio HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Visio HKCU\Software\Po
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Word HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Win32.Word HKCU\Software\P
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Common HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Common HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Access HKLM\So
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Access HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Excel HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Excel HKCU\Soft
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.InfoPath HKLM\
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.InfoPath HKCU\S
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2013BackupWin32 HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2013BackupWin32 HKCU\Software\P
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.OneNote HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.OneNote HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Outlook HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Outlook HKCU\S
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.PowerPoint HKL
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.PowerPoint HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Project HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Project HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Publisher HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Publisher HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.SharePointDesig
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.SharePointDesig
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Visio HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Visio HKCU\Softw
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Word HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013BackupWin32.Word HKCU\Soft
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Common HKL
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Common HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Access HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Access HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Excel HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Excel HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.InfoPath HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.InfoPath HKCU
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2013Office365Win32 HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2013Office365Win32 HKCU\Software
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.OneNote HKL
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.OneNote HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Outlook HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Outlook HKCU
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.PowerPoint H
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.PowerPoint H
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Project HKLM
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Project HKCU\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Publisher HKL
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Publisher HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.SharePointDe
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.SharePointDe
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Visio HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Visio HKCU\So
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Word HKLM\S
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2013Office365Win32.Word HKCU\S
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Common HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Common HKCU\Softwar
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Access HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Access HKCU\Software\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Excel HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Excel HKCU\Software\P
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.InfoPath HKLM\Softwar
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.InfoPath HKCU\Softwar
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.OneNote HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.OneNote HKCU\Softwar
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2010
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftLync2010
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Outlook HKLM\Softwar
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Outlook HKCU\Software
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.PowerPoint HKLM\Soft
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.PowerPoint HKCU\Softw
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Project HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Project HKCU\Software\
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Publisher HKLM\Softwa
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Publisher HKCU\Softwa
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Groove HKLM\Software
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Groove HKCU\Software
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.SharePointDesigner HK
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.SharePointDesigner HKC
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Word HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Word HKCU\Software\P
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Visio HKLM\Software\P
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Applications!MicrosoftOffice2010Win32.Visio HKCU\Software\Po
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingFinance_8wekyb3d8bbwe!Syn
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingFinance_8wekyb3d8bbwe!Syn
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingMaps_8wekyb3d8bbwe!SyncS
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingMaps_8wekyb3d8bbwe!SyncS
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingNews_8wekyb3d8bbwe!SyncS
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingNews_8wekyb3d8bbwe!SyncSe
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingSports_8wekyb3d8bbwe!Sync
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingSports_8wekyb3d8bbwe!SyncS
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingTravel_8wekyb3d8bbwe!SyncS
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingTravel_8wekyb3d8bbwe!SyncS
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingWeather_8wekyb3d8bbwe!Syn
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.BingWeather_8wekyb3d8bbwe!Syn
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.Reader_8wekyb3d8bbwe!SyncSetti
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.Reader_8wekyb3d8bbwe!SyncSetti
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.XboxLIVEGames_8wekyb3d8bbwe!
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.XboxLIVEGames_8wekyb3d8bbwe!
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.ZuneMusic_8wekyb3d8bbwe!Sync
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.ZuneMusic_8wekyb3d8bbwe!SyncS
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.ZuneVideo_8wekyb3d8bbwe!Sync
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\Windows8AppList\Microsoft.ZuneVideo_8wekyb3d8bbwe!SyncS
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\WindowsSettings!DesktopSettings HKLM\Software\Policies\Micr
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\WindowsSettings!DesktopSettings HKCU\Software\Policies\Micr
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncEnabled
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncEnabled
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncMethod HKLM\Software\Policies\Microsoft\UEV\Agent\Con
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncMethod HKCU\Software\Policies\Microsoft\UEV\Agent\Con
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration\WindowsSettings!VdiState HKLM\Software\Policies\Microsoft\U
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration\WindowsSettings!VdiState HKCU\Software\Policies\Microsoft\UE
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!DontSyncWindows8AppSettings
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!DontSyncWindows8AppSettings
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!TrayIconEnabled
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!FirstUseNotificationEnabled
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncUnlistedWindows8Apps
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncProviderPingEnabled
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncProviderPingEnabled
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncOverMeteredNetwork
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncOverMeteredNetwork
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncOverMeteredNetworkWhenRoaming
HKCU\Software\Policies\Microsoft\UEV\Agent\Configuration!SyncOverMeteredNetworkWhenRoaming
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!ContactITDescription
HKLM\Software\Policies\Microsoft\UEV\Agent\Configuration!ContactITUrl
HKLM\Software\Policies\Microsoft\Windows\System!AddAdminGroupToRUP
HKLM\Software\Policies\Microsoft\Windows\System!CompatibleRUPSecurity
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!ConnectHomeDirToRoot
HKLM\Software\Policies\Microsoft\Windows\System!DeleteRoamingCache
HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDetectEnabled
HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkUIEnabled
HKCU\Software\Policies\Microsoft\Windows\System!ExcludeProfileDirs
HKLM\Software\Policies\Microsoft\Windows\System!LeaveAppMgmtData
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableProfileQuota HKCU\Software\Microsoft\Windows
HKLM\Software\Policies\Microsoft\Windows\System!LocalProfile
HKLM\Software\Policies\Microsoft\Windows\System!ProfileDlgTimeOut
HKLM\Software\Policies\Microsoft\Windows\System!ProfileErrorAction
HKLM\Software\Policies\Microsoft\Windows\System!ProfileUnloadTimeout
HKLM\Software\Policies\Microsoft\Windows\System!ReadOnlyProfile
HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkProfileDefault
HKLM\Software\Policies\Microsoft\Windows\System!UserProfileMinTransferRate HKLM\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows\System!CleanupProfiles
HKCU\Software\Policies\Microsoft\Windows\System!CscSuspendDirs
HKLM\Software\Policies\Microsoft\Windows\System!DisableForceUnload
HKLM\Software\Policies\Microsoft\Windows\System!WaitForNetwork
HKLM\Software\Policies\Microsoft\Windows\System!MachineProfilePath
HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveMethod HKLM\Software\Policies\Microsoft\Windows\System
HKLM\Software\Policies\Microsoft\Windows\System!AllowUserInfoAccess HKLM\Software\Policies\Microsoft\Windows\Syste
HKLM\Software\Policies\Microsoft\Windows\AdvertisingInfo!DisabledByGroupPolicy
HKLM\Software\Policies\Microsoft\Windows\System!PrimaryComputerEnabledRUP
HKLM\Software\Policies\Microsoft\Windows\System!HomeDirLocation HKLM\Software\Policies\Microsoft\Windows\System!
HKLM\Software\Policies\Microsoft\FVE!ActiveDirectoryBackup HKLM\Software\Policies\Microsoft\FVE!RequireActiveDirectory
HKLM\SOFTWARE\Policies\Microsoft\FVE!UseRecoveryPassword HKLM\SOFTWARE\Policies\Microsoft\FVE!UseRecoveryDrive
HKLM\SOFTWARE\Policies\Microsoft\FVE!DefaultRecoveryFolderPath
HKLM\SOFTWARE\Policies\Microsoft\FVE!EncryptionMethod
HKLM\SOFTWARE\Policies\Microsoft\FVE!EncryptionMethodNoDiffuser
HKLM\SOFTWARE\Policies\Microsoft\FVE!EncryptionMethodWithXtsOs HKLM\SOFTWARE\Policies\Microsoft\FVE!EncryptionM
HKLM\Software\Policies\Microsoft\FVE!MorBehavior
HKLM\Software\Policies\Microsoft\FVE!DisableExternalDMAUnderLock
HKLM\Software\Policies\Microsoft\FVE!RecoveryKeyMessageSource HKLM\Software\Policies\Microsoft\FVE!RecoveryKeyMes
HKLM\Software\Policies\Microsoft\FVE!UseEnhancedPin
HKLM\Software\Policies\Microsoft\FVE!OSPassphrase HKLM\Software\Policies\Microsoft\FVE!OSPassphraseComplexity HKLM
HKLM\Software\Policies\Microsoft\FVE!TPMAutoReseal
HKLM\Software\Policies\Microsoft\FVE!DisallowStandardUserPINReset
HKLM\Software\Policies\Microsoft\FVE!IdentificationField HKLM\Software\Policies\Microsoft\FVE!IdentificationFieldString HK
HKLM\Software\Policies\Microsoft\FVE!CertificateOID
HKLM\Software\Policies\Microsoft\FVE!OSUseEnhancedBcdProfile HKLM\Software\Policies\Microsoft\FVE!OSBcdAdditionalSe
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRecovery HKLM\SOFTWARE\Policies\Microsoft\FVE!OSManageDRA HKLM\SOFTW
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSEncryptionType HKLM\SOFTWARE\Policies\Microsoft\FVE!OSEncryptionType
HKLM\SOFTWARE\Policies\Microsoft\FVE!EnableNonTPM HKLM\SOFTWARE\Policies\Microsoft\FVE!UsePartialEncryptionKey
HKLM\SOFTWARE\Policies\Microsoft\FVE!UseAdvancedStartup HKLM\SOFTWARE\Policies\Microsoft\FVE!EnableBDEWithNoT
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSManageNKP
HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation!Enabled HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformValid
HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!Enabled HKLM\SOFTWARE\Policies\Microsoft\FVE\OSP
HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!Enabled HKLM\SOFTWARE\Policies\Microsoft\FVE\OSP
HKLM\Software\Policies\Microsoft\FVE!MinimumPIN
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSHardwareEncryption HKLM\SOFTWARE\Policies\Microsoft\FVE!OSAllowSoftware
HKLM\Software\Policies\Microsoft\FVE!OSEnablePrebootInputProtectorsOnSlates
HKLM\Software\Policies\Microsoft\FVE!OSEnablePreBootPinExceptionOnDECapableDevice
HKLM\Software\Policies\Microsoft\FVE!OSAllowSecureBootForIntegrity
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRecovery HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRecoveryPassword HKLM
HKLM\Software\Policies\Microsoft\FVE!FDVPassphrase HKLM\Software\Policies\Microsoft\FVE!FDVEnforcePassphrase HKLM\
HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!FDVDenyWriteAccess
HKLM\Software\Policies\Microsoft\FVE!FDVDiscoveryVolumeType HKLM\Software\Policies\Microsoft\FVE!FDVNoBitLockerToG
HKLM\Software\Policies\Microsoft\FVE!FDVAllowUserCert HKLM\Software\Policies\Microsoft\FVE!FDVEnforceUserCert
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVEncryptionType HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVEncryptionType
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVHardwareEncryption HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVAllowSoftwa
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecovery HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecoveryPassword HKL
HKLM\Software\Policies\Microsoft\FVE!RDVConfigureBDE HKLM\Software\Policies\Microsoft\FVE!RDVAllowBDE HKLM\Softw
HKLM\Software\Policies\Microsoft\FVE!RDVPassphrase HKLM\Software\Policies\Microsoft\FVE!RDVEnforcePassphrase HKLM
HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess HKLM\Software\Policies\Microsoft\FVE!RDVDe
HKLM\Software\Policies\Microsoft\FVE!RDVDiscoveryVolumeType HKLM\Software\Policies\Microsoft\FVE!RDVNoBitLockerTo
HKLM\Software\Policies\Microsoft\FVE!RDVAllowUserCert HKLM\Software\Policies\Microsoft\FVE!RDVEnforceUserCert
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVEncryptionType HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVEncryptionType
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVHardwareEncryption HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVAllowSoftw
HKLM\Software\Policies\Microsoft\W32Time\Config!FrequencyCorrectRate HKLM\Software\Policies\Microsoft\W32Time\Con
HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer HKLM\Software\Policies\Microsoft\W32time\Parameters
HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!Enabled
HKLM\Software\Policies\Microsoft\W32Time\TimeProviders\NtpServer!Enabled
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockNonDomain
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fMinimizeConnections
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockRoaming
HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fDisablePowerManagement
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DataRetentionBySizeEnabled HKLM\SOFTWARE\Policies\Microsoft\Wind
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Window
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows!TurnOffWinCal
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows!TurnOffWinCal
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!OnlySystemBackup
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToDisk
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToNetwork
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToOptical
HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoRunNowBackup
HKCU\Software\Policies\Microsoft\Windows\WindowsColorSystem!ProhibitInstallUninstall
HKLM\Software\Policies\Microsoft\Windows\WindowsColorSystem!ProhibitInstallUninstall
HKCU\Software\Policies\Microsoft\Windows\WCN\UI!DisableWcnUi
HKLM\Software\Policies\Microsoft\Windows\WCN\UI!DisableWcnUi
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!EnableRegistrars HKLM\Software\Policies\Microsoft\Windows\W
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!DisableAutoExclusions
HKLM\Software\Policies\Microsoft\Windows Defender!AllowFastServiceStartup
HKLM\Software\Policies\Microsoft\Windows Defender!DisableAntiSpyware
HKLM\Software\Policies\Microsoft\Windows Defender!DisableLocalAdminMerge
HKLM\Software\Policies\Microsoft\Windows Defender!DisableRoutinelyTakingAction
HKLM\Software\Policies\Microsoft\Windows Defender!ProxyBypass
HKLM\Software\Policies\Microsoft\Windows Defender!ProxyPacUrl
HKLM\Software\Policies\Microsoft\Windows Defender!ProxyServer
HKLM\Software\Policies\Microsoft\Windows Defender!RandomizeScheduleTaskTimes
HKLM\Software\Policies\Microsoft\Windows Defender!ServiceKeepAlive
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Extensions HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Paths HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Processes HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows Defender\NIS!DisableProtocolRecognition
HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!DisableSignatureRetirement
HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation!Nis_Consumers_IPS_sku_diffe
HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!LocalSettingOverridePurgeItemsAfterDelay
HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!PurgeItemsAfterDelay HKLM\Software\Policies\Microsoft\
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableBehaviorMonitoring
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableIOAVProtection
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableOnAccessProtection
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRawWriteNotification
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRealtimeMonitoring
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableScanOnRealtimeEnable
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!IOAVMaxSize HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableBehaviorMonitoring
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableOnAccessProtection
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableIOAVProtection
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableRealtimeMonitoring
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideRealtimeScanDirection
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!RealtimeScanDirection HKLM\Software\Policies\
HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!LocalSettingOverrideScan_ScheduleTime
HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleDay HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleTime HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!AdditionalActionTimeout HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!CriticalFailureTimeout HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!DisableGenericRePorts
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!NonCriticalTimeout HKLM\Software\Policies\Microsoft\Win
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!RecentlyCleanedTimeout HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingComponents HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingLevel HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!DisableEnhancedNotifications
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AllowPause
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxDepth HKLM\Software\Policies\Microsoft\Windows D
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxSize HKLM\Software\Policies\Microsoft\Windows De
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AvgCPULoadFactor HKLM\Software\Policies\Microsoft\Windows
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!CheckForSignaturesBeforeRunningScan
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableArchiveScanning
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCatchupFullScan
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCatchupQuickScan
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableEmailScanning
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableHeuristics
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisablePackedExeScanning
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableRemovableDriveScanning
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableReparsePointScanning
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableRestorePoint
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableScanningMappedNetworkDrivesForFullScan
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableScanningNetworkFiles
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideAvgCPULoadFactor
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScanParameters
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleDay
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleQuickScanTime
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleTime
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!PurgeItemsAfterDelay HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!QuickScanInterval HKLM\Software\Policies\Microsoft\Windows D
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanOnlyIfIdle
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanParameters HKLM\Software\Policies\Microsoft\Windows De
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleDay HKLM\Software\Policies\Microsoft\Windows Defen
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleQuickScanTime HKLM\Software\Policies\Microsoft\Win
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleTime HKLM\Software\Policies\Microsoft\Windows Defe
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!MissedScheduledScanCountBeforeCatchup HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ASSignatureDue HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!AVSignatureDue HKLM\Software\Policies\Microsoft
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DefinitionUpdateFileSharesSources
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableScanOnUpdate
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableScheduledSignatureUpdateOnBattery
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableUpdateOnStartupWithoutEngine
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!FallbackOrder
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ForceUpdateFromMU
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!RealtimeSignatureDelivery
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleDay HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleTime HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureDisableNotification
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateCatchupInterval HKLM\Software\P
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateInterval HKLM\Software\Policies\M
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!UpdateOnStartUp
HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!DisableBlockAtFirstSeen
HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!LocalSettingOverrideSpynetReporting
HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!SpynetReporting HKLM\Software\Policies\Microsoft\Windows
HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!SubmitSamplesConsent HKLM\Software\Policies\Microsoft\Wi
HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatIdDefaultAction HKLM\Software\Policies\Micro
HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatSeverityDefaultAction HKLM\Software\Policies
HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!UILockdown
HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!SuppressRebootNotification
HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!Notification_Suppress
HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!CustomDefaultActionToastString
HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine!MpCloudBlockLevel HKLM\Software\Policies\Microsoft\Win
HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine!MpBafsExtendedTimeout HKLM\Software\Policies\Microso
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection!EnableNetwork
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access!EnableCon
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR!ExploitGuard_ASR_Rules HKLM
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR!ExploitGuard_ASR_ASROnlyExc
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access!ExploitGua
HKLM\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Controlled Folder Access!ExploitGua
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Virus and threat protection!UILockdown
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Firewall and network protection!UILockdown
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection!UILockdown
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\App and Browser protection!DisallowExploitProtecti
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Device performance and health!UILockdown
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Family options!UILockdown
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications!DisableNotifications
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications!DisableEnhancedNotifications
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization!EnableForToasts
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization!EnableInApp
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization!CompanyName
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization!Phone
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization!Email
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Enterprise Customization!Url
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoBackButton
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoFileMru
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoPlacesBar
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place0 HKCU\Software\Microsoft\Windows
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClassicShell
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ConfirmFileDelete
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!EnforceShellExtensionSecurity
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!LinkResolveIgnoreLinkInfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!MaxRecentDocs
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoThumbnailCache
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCDBurning
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeAnimation
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeKeyboardNavigationIndicators
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDFSTab
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDrives
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network!NoEntireNetwork
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFileMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFolderOptions
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoHardwareTab
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoManageMyComputerVerb
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSharedDocuments
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetConnectDisconnect
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecycleFiles
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRunasInstallPrompt
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSecurityTab
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoShellSearchButton
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoViewContextMenu
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoViewOnDrive
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWinKeys
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoComputersNearMe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PromptRunasInstallNetPath
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RecycleBinSize
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior
HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSearchInternetTryHarderButton
HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedOpenSearch HKCU\Software\Policies\Microsoft\Windo
HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedLibrary HKCU\Software\Policies\Microsoft\Windows\E
HKLM\Software\Policies\Microsoft\Windows\Explorer!CheckSameSourceAndTargetForFRAndDFS
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableKnownFolders HKCU\Software\Policies\Microsoft\Windows\Exp
HKCU\Software\Policies\Microsoft\Windows\Explorer!HideContentViewModeSnippets
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableIndexedLibraryExperience
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableSearchBoxSuggestions
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableBindDirectlyToPropertySetStorage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableBindDirectlyToPropertySetStorage
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStrCmpLogical
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStrCmpLogical
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180E
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180E
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180F
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180F
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180F
HKLM\Software\Policies\Microsoft\Windows\Explorer!DefaultLibrariesLocation
HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultLibrariesLocation
HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen HKLM\Software\Policies\Microsoft\Windows\System
HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowLockOption
HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowSleepOption
HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowHibernateOption
HKLM\Software\Policies\Microsoft\Windows\Explorer!NoNewAppAlert
HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized HKLM\Software\Policies\Microsoft\Wi
HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized HKCU\Software\Policies\Microsoft\Win
HKLM\Software\Policies\Microsoft\Windows\System!DefaultAssociationsConfiguration
HKLM\Software\Policies\Microsoft\Windows\Explorer!EnableShellShortcutIconRemotePath
HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SFCDllCacheDir
HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcQuota
HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcScan
HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcShowProgress
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\ICFv4!BypassFirewall
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled HKLM\SOFTWARE\Pol
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!AllowUserPrefMerge
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!EnableFirewall
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DoNotAllowExceptions
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled HKLM\SOFTWARE\Polic
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable H
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets HKLM\SOFTWARE\Policies
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableNotifications
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled HKLM\SOFTWARE\Policies
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!AllowUserPrefMerge
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled HKLM\SOFTWARE\Polic
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled HKLM\SOFTWARE\P
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableUnicastResponsesToMulticastBroadcast
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled HKLM\SOFTWARE\P
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled HKLM\SOFTWARE\Po
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!AllowUserPrefMerge
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!EnableFirewall
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DoNotAllowExceptions
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled HKLM\SOFTWARE\Poli
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets HKLM\SOFTWARE\Policie
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DisableNotifications
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled HKLM\SOFTWARE\Policie
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!AllowUserPrefMerge
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled HKLM\SOFTWARE\Pol
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled HKLM\SOFTWARE\
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DisableUnicastResponsesToMulticastBroadcast
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled HKLM\SOFTWARE
HKLM\Software\Policies\Microsoft\WindowsInkWorkspace!AllowWindowsInkWorkspace HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\WindowsInkWorkspace!AllowSuggestedAppsInWindowsInkWorkspace
HKLM\Software\Policies\Microsoft\WMDRM!DisableOnline
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DisableAutoUpdate
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!GroupPrivacyAcceptance
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DontUseFrameInterpolation
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCDDVDMetadataRetrieval
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!PreventLibrarySharing
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventMusicFileMetadataRetrieval
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!QuickLaunchShortcut
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventRadioPresetsRetrieval
HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DesktopShortcut
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!EnableScreenSaver
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCodecDownload
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!DoNotShowAnchor
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HidePrivacyTab
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HideSecurityTab
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!SetAndLockSkin HKCU\Software\Policies\Microsoft\WindowsMediaP
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPolicy HKCU\Software\Policies\Microsoft\Win
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPolicy HKCU\Software\Policies\Microsoft\Win
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPolicy HKCU\Software\Policies\Microsoft\Wind
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HideNetworkTab
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBufferingPolicy HKCU\Software\Policies\Microsoft\Window
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!WindowsMediaStreamingProtocols HKCU\Software\Policie
HKLM\Software\Policies\Microsoft\Messenger\Client!PreventAutoRun
HKCU\Software\Policies\Microsoft\Messenger\Client!PreventAutoRun
HKLM\Software\Policies\Microsoft\Messenger\Client!PreventRun
HKCU\Software\Policies\Microsoft\Messenger\Client!PreventRun
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowBasic
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowUnencryptedTraffic
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowDigest
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowNegotiate
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowKerberos
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowCredSSP
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHosts HKLM\Software\Policies\Microsoft\Windows\WinR
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig HKLM\Software\Policies\Microsoft\Windows\
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!HttpCompatibilityListener
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!HttpsCompatibilityListener
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowBasic
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowUnencryptedTraffic
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!DisableRunAs
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowNegotiate
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowKerberos
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowCredSSP
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!CBTHardeningLevelStatus HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!AllowRemoteShellAccess
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!IdleTimeout
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!MaxConcurrentUsers
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!MaxMemoryPerShellMB
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!MaxProcessesPerShell
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!ShellTimeOut
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS!MaxShellsPerUser
HKCU\Software\Policies\Microsoft\WindowsStore!RemoveWindowsStore
HKLM\Software\Policies\Microsoft\WindowsStore!RemoveWindowsStore
HKLM\Software\Policies\Microsoft\WindowsStore!AutoDownload
HKLM\Software\Policies\Microsoft\WindowsStore!AutoDownload
HKCU\Software\Policies\Microsoft\WindowsStore!DisableOSUpgrade
HKLM\Software\Policies\Microsoft\WindowsStore!DisableOSUpgrade
HKLM\Software\Policies\Microsoft\WindowsStore!DisableStoreApps
HKCU\Software\Policies\Microsoft\WindowsStore!RequirePrivateStoreOnly
HKLM\Software\Policies\Microsoft\WindowsStore!RequirePrivateStoreOnly
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutoUpdate
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption
HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption
HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccess HKCU\Software
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate HKLM\Software\Policies\Microsoft\Window
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!WUServer HKLM\Software\Policies\Microsoft\Windows\Windo
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequencyEnabled HKLM\Software\Policies\Micr
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!ElevateNonAdmins
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AutoInstallMinorUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!IncludeRecommendedUpdates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!EnableFeaturedSoftware
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AUPowerManagement
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AlwaysAutoRebootAtScheduledTime HKLM\Software\Polic
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeoutEnabled HKLM\Software\Policies\
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeoutEnabled HKLM\Software\Policies\M
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTimeEnabled HKLM\Software\Policies\Mic
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroupEnabled HKLM\Software\Policies\Microsoft\Windo
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!AcceptTrustedPublisherCerts
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DoNotConnectToWindowsUpdateInternetLocations
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!ManagePreviewBuilds HKLM\Software\Policies\Microsoft\Win
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DeferFeatureUpdates HKLM\Software\Policies\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DeferQualityUpdates HKLM\Software\Policies\Microsoft\Wind
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!ExcludeWUDriversInQualityUpdate
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetActiveHours HKLM\Software\Policies\Microsoft\Windows\W
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetAutoRestartDeadline HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetDisableUXWUAccess
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetActiveHoursMaxRange HKLM\Software\Policies\Microsoft\W
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetAutoRestartRequiredNotificationDismissal HKLM\Software\
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetAutoRestartNotificationConfig HKLM\Software\Policies\Mic
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetAutoRestartNotificationDisable
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetRestartWarningSchd HKLM\Software\Policies\Microsoft\Wi
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetEngagedRestartTransitionSchedule HKLM\Software\Policies
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!SetEDURestart
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!AllowAutoWindowsUpdateDownloadOverMeteredNetwork
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableDualScan
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableShutdownNamedPipe
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ShutdownSessionTimeout
HKLM\Software\Policies\Microsoft\Windows\System!HiberbootEnabled
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisplayLastLogonInfo
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DontDisplayLogonHoursWarnings
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonHoursAction
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!SoftwareSASGeneration
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ReportControllerMissing
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!ReportControllerMissing
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableAutomaticRestartSignOn
HKLM\Software\Policies\Microsoft\Windows\Maps!AutoDownloadAndUpdateMapData
HKLM\Software\Policies\Microsoft\Windows\Maps!AllowUntriggeredNetworkTrafficOnSettingsPage
HKLM\Software\Policies\Microsoft\Windows\System!AllowBlockingAppsAtShutdown
HKLM\Software\Policies\Microsoft\Windows\Connect!AllowProjectionToPC
HKLM\Software\Policies\Microsoft\Windows\Connect!RequirePinForPairing
HKLM\Software\Policies\Microsoft\Windows\Wireless\NetCost!Cost
HKLM\SOFTWARE\Policies\Microsoft\WirelessDisplay!EnforcePinBasedPairing
HKLM\SOFTWARE\Policies\Microsoft\WirelessDisplay!PreferPinBasedPairing
HKLM\Software\Microsoft\wcmsvc\wifinetworkmanager\config!AutoConnectAllowedOEM
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\SearchExtensions!InternetExtensionName HKCU\Softwa
HKLM\Software\Policies\Microsoft\Windows\WorkFolders!AutoProvision
HKCU\Software\Policies\Microsoft\Windows\WorkFolders!SyncUrl HKCU\Software\Policies\Microsoft\Windows\WorkFolders!
HKCU\Software\Policies\Microsoft\Windows\WorkFolders!EnableTokenBroker
HKLM\Software\Policies\Microsoft\Windows\WorkplaceJoin!autoWorkplaceJoin
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoTileApplicationNotification
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoToastApplicationNotification
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoToastApplicationNotificationOnLockScree
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoCloudApplicationNotification
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!Enable
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!EntryTime
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!ExitTime
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!AllowCalls
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!DisallowNotificationMirroring
HKLM\Software\Policies\Microsoft\Windows\WwanSvc\NetCost!Cost3G
HKLM\Software\Policies\Microsoft\Windows\WwanSvc\NetCost!Cost4G
HKLM\Software\Policies\Microsoft\Windows\WwanSvc\UISettings!AppCellularAccessUI
HKLM\Software\Policies\Microsoft\Windows\WwanSvc\CellularDataAccess!LetAppsAccessCellularData HKLM\Software\Polici
Supported On
At least Windows Vista
At least Windows Vista
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server, Windows 10 up to Version 1703
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2003
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows 10 Enterprise
At least Windows 10 Enterprise
At least Windows 10 Enterprise
At least Windows 10 Enterprise
At least Windows 10 Enterprise
At least Windows 10 Enterprise
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10 Version 1703
SUPPORTED_Windows_10_0_NOARM
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows 8.1 Update 2
At least Windows 8.1 Update 2
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server, Windows 10
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server or Windows 10
Windows XP or Windows Server 2003, or computers with BITS 1.5 installed.
At least Windows Vista
Windows XP SP2 or Windows Server 2003 SP1, or computers with BITS 2.0 installed.
Windows 7 or computers with BITS 3.5 installed.
Windows 7 or computers with BITS 3.5 installed.
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows 8 or Windows Server 2012 or Windows RT or computers with BITS 5 installed.
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows 7 or computers with BITS 3.5 installed.
At least Windows Server, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server, Windows 10
At least Windows 10
At least Windows 10
At least Windows Server, Windows 10 Version 1703
At least Windows 10
At least Windows 10
At least Windows 10
At least Windows Server, Windows 10 Version 1703
At least Windows Server, Windows 10 Version 1703
At least Windows 2000
At least Windows 2000
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
at least Windows NetMeeting v3.0
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
SUPPORTED_Windows_10
SUPPORTED_Windows_10
At least Windows 2000
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows 2000 Service Pack 1
At least Windows 2000 Service Pack 1
At least Windows 2000 Service Pack 1
At least Windows 2000 Service Pack 1
At least Windows 2000
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows 2000
Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT or at least Internet Explorer 10
At least Windows Server 2012, Windows 8 or Windows RT or at least Internet Explorer 10
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Server 2003 and Windows XP only
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000 Service Pack 3
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP
Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP SP2
Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP SP2
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Vista
Windows Server 2008 with Desktop Experience installed or Windows Vista
Windows Server 2008 with Desktop Experience installed or Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server, Windows 10 Version 1703
At least Windows Server, Windows 10 Version 1703
Windows Server 2003, Windows XP, and Windows 2000 only
Windows XP Professional only
Windows XP Professional only
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
Windows XP Professional only
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server or Windows 10
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
At least Windows Server or Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows 2000
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
Windows Server 2003 and Windows XP only
Windows Server 2003 and Windows XP only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2003 and Windows XP only
Windows Server 2003 and Windows XP only
Windows Server 2003 and Windows XP only
Windows Server 2003 and Windows XP only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server Version 1703, Windows 10 Version 1703, Windows 10, Windows 8.1, Windows 8, Windows 7, a
Windows Server Version 1703, Windows 10 Version 1703, Windows 10, Windows 8.1, Windows 8, Windows 7, a
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008, Windows 7,
Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008, Windows 7,
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server, Windows 10
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server, Windows 10 Version 1709
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Server, Windows 10
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows 10
At least Windows Vista
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Server 2008
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2003
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Server 2003 and Windows XP only
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server, Windows 10 Version 1709
At least Internet Explorer 6 Service Pack 1
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Ser
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional with SP2
At least Windows Vista
At least Windows Vista
Windows Server 2003 only
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Only Internet Explorer 11.0 on Windows 8.1
Only Internet Explorer 11.0 on Windows 8.1
At least Internet Explorer 11.0 on Windows 10
At least Internet Explorer 11.0 on Windows 10
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
Only Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 6.0 in Windows 2003 Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 7.0
Only Internet Explorer 4.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 5.0 through Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 11.0 on Windows 10, version 1703 or later
At least Internet Explorer 11.0 on Windows 10, version 1703 or later
At least Internet Explorer 7.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0. Not supported on Windows Vista
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 7.0
Only Internet Explorer 7.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 7.0 and Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
Only Internet Explorer 6.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 7.0 and Internet Explorer 8.0
Only Internet Explorer 7.0 and Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Internet Explorer 7.0 to Internet Explorer 10.0
Internet Explorer 7.0 to Internet Explorer 10.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 5.0
Internet Explorer 7.0 to Internet Explorer 10.0
Internet Explorer 7.0 to Internet Explorer 10.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 6.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0. Not supported on Windows Vista
At least Internet Explorer 5.0
Only Internet Explorer 5.0 through Internet Explorer 9.0
At least Internet Explorer 10.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0. Not supported on Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 through Internet Explorer 7.0
Only Internet Explorer 5.0 through Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0. Not supported on Windows Vista
At least Internet Explorer 7.0. Not supported on Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0 in Windows Vista
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inc
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
Only Internet Explorer 9.0 through 11.0. Not supported on Windows 10
Only Internet Explorer 9.0 through 11.0. Not supported on Windows 10
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 5.0
At least Internet Explorer 5.0
Only Internet Explorer 5.0 and Internet Explorer 6.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Internet Explorer 8.0 to Internet Explorer 10.0
Internet Explorer 8.0 to Internet Explorer 10.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 7.0
At least Internet Explorer 7.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
Only Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Internet Explorer 8.0 to Internet Explorer 10.0
Internet Explorer 8.0 to Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
Internet Explorer 8.0 to Internet Explorer 10.0
Internet Explorer 8.0 to Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 9.0
At least Internet Explorer 9.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 11.0 on Windows 10, vertion 1607 or later
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 10.0 on Windows 8
At least Internet Explorer 10.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Internet Explorer 8.0
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server, Windows 10
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2012, Windows 8, Windows RT, Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Server 2003 and versions of Windows from Windows XP Professional through Windows 7.
Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
Windows 2000 only
At least Windows 2000
At least Windows Vista
Windows operating systems from Windows Vista through Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2008 R2 and Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows 10
At least Windows 10
At least Windows Server, Windows 10 Version 1709
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1607 or later
Microsoft Edge on Windows 10, Version 1607 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1708 or later
Microsoft Edge on Windows 10, Version 1708 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1709 or later
Microsoft Edge on Windows 10, Version 1709 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1709 or later
Microsoft Edge on Windows 10, Version 1709 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1607 or later
Microsoft Edge on Windows 10, Version 1607 or later
Microsoft Edge on Windows 10, Version 1607 or later
Microsoft Edge on Windows 10, Version 1607 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10, Version 1703 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1607 or later
Microsoft Edge on Windows 10, Version 1607 or later
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional with SP1
At least Windows 2000
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows Server 2003
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
Windows Server 2003 only
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows 2000
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Server 2003 R2
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server, Windows 10 Version 1703
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Installer v4.0
At least Windows 2000
Windows Installer v3.0
Windows Installer v4.0
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Installer v3.0
Windows Installer v3.0
At least Windows Server 2003 operating systems or Windows XP Professional
Microsoft Windows XP or Windows 2000 with Windows Installer v2.0
Windows Installer v3.0
Windows Installer v3.0
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Installer v4.5
Windows Installer v4.5
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10 Version 1709
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2012 R2 or Windows 8.1
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
At least Windows Server 2003 operating systems or Windows XP Professional
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000 Service Pack 1
At least Windows 2000 Service Pack 1
Windows Server 2003 and Windows XP only
Microsoft Windows XP Professional with SP2 and Windows Server 2003 family only
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000 Service Pack 1
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
Windows Server 2003 and Windows XP only
At least Windows 2000 Service Pack 1
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
At least Windows 2000 Service Pack 1
At least Windows 2000 Service Pack 1
Windows Server 2003, Windows XP, and Windows 2000 only
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000 Service Pack 1
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows Server 2003 operating systems Service Pack 1, Windows XP Professional Service Pack 2, or Wi
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows XP Professional only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Vista
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 7 or Windows Server 2008 R2*
At least Windows 7 or Windows Server 2008 R2*
At least Windows 7 or Windows Server 2008 R2*
At least Windows 7 or Windows Server 2008 R2*
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
Windows Vista only
Windows Vista only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Vista only
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Vista only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2003 operating systems or Windows XP Professional with SP1
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows 10
At least Windows 10
At least Windows 10
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
At least Microsoft Windows 7 or Windows Server 2008 family
Supported Windows Vista through Windows 7
Supported Windows Vista through Windows 7
Supported Windows Vista through Windows 7
Supported Windows Vista through Windows 7
Supported Windows Vista through Windows 7
Supported Windows Vista through Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Supported Windows Vista through Windows 7
Supported Windows Vista through Windows 7
Windows 2000 only
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Vista
At least Windows 2000
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows Vista
Windows Server 2008 and Windows Vista
Windows Server 2008 and Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows 2000
Supported Windows XP SP1 through Windows Server 2008 RTM
At least Windows Vista
At least Windows 2000
At least Windows 2000
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server 2003
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Vista only
At least Windows Vista
At least Windows Vista
At least Windows Server, Windows 10
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
Windows Server 2008 R2 and Windows 7
At least Windows Server 2003
Windows Server 2003 only
Windows Server 2003 only
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003
At least Windows Server 2003 operating systems or Windows XP Professional with SP1
At least Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
Any version of Microsoft Windows with Windows Search 4.0 or later
Any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows Vista, or any version of Windows with Windows Search 4.0 or later
Any version of Microsoft Windows with Windows Search 4.0 or later
Any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Wi
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Wi
Any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later
Microsoft Windows 8 or later
Microsoft Windows 8.1 or later
Microsoft Windows 8.1 or later
Microsoft Windows 8.1. Not supported on Windows 10 or later
Microsoft Windows 8.1. Not supported on Windows 10 or later
Microsoft Windows 8.1. Not supported on Windows 10 or later
Any version of Microsoft Windows with Windows Search 4.0
Microsoft Windows XP, or Windows Server 2003 with Windows Search version 4.0 or later
Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later
Microsoft Windows Vista or later
Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later
Any version of Microsoft Windows with Windows Search 4.0 or later
Any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later
Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later
Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later
Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later
Microsoft Windows Vista, or any version of Windows with Windows Search 3.01 or later
Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later
Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later
Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later
Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Wi
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft W
Microsoft Windows XP, or Windows Server 2003 with Windows Search version 3.01 or later
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Wi
Any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Wi
Any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Wi
Any version of Microsoft Windows with Windows Search 4.0 or later
Microsoft Windows XP, Windows Server 2003 with Windows Search version 3.01, or any version of Microsoft Wi
Microsoft Windows 8 or later
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008
At least Windows Server 2008
Windows Server 2008 and Windows Server 2008 R2 operating systems only
At least Windows Server 2003
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows Vista only
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista Service Pack 1
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10 Version 1703
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10 or later
Microsoft Edge on Windows 10, Version 1511 or later
Microsoft Edge on Windows 10, Version 1511 or later
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Vista
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2008, Windows 7, Windows Vista, and Windows 10
Windows Server 2008, Windows 7, and Windows Vista
Windows Vista only
At least Windows Server 2008 R2 or Windows 7. Not supported on Windows 10 or later
Windows Server 2008 R2 and Windows 7
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008 and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Vista only
At least Windows 2000
Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000
Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003 and Windows XP only
At least Windows 2000
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows 2000
At least Windows Server, Windows 10
At least Windows 2000
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000
Windows Server 2003 and Windows XP only
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 10
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000
Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000
At least Windows Server, Windows 10
Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
At least Windows 2000
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000
At least Windows 2000
At least Windows 2000
Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2003, Window
Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2003, Window
At least Windows 2000
Windows Server 2012 R2, Windows 8.1, Windows RT 8.1, Windows Server 2008, Windows Server 2003, Windows
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, Windows 2000, and Wi
Windows Server 2008, Windows Server 2003, Windows Vista, and Windows XP
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003 and Windows XP only
At least Windows 2000 through Windows 8.1 or Windows Server 2012 R2
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
At least Windows 2000
Windows Server 2008 R2 and Windows 7
Windows Server 2008 R2 and Windows 7
Windows Server 2008 R2 and Windows 7
Windows Server 2008 R2 and Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2008 R2 and Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1 only
At least Windows Server or Windows 10
At least Windows Server, Windows 10 Version 1703
At least Windows Server, Windows 10 Version 1709
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Vista only
Windows Vista only
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
Windows Vista only
Windows Vista only
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
Windows Vista only
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server, Windows 10
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server, Windows 10
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server, Windows 10 Version 1703
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
Windows Server 2008, Windows 7, Windows Vista, and Windows 10
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
Windows Server 2008 R2 only
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008 R2
At least Windows Server 2008 R2
At least Windows Server 2008 R2
At least Windows Server 2008 R2
At least Windows Server 2008 R2
At least Windows Server 2008 R2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows XP and Windows Server 2003 only
At least Windows Server 2003
At least Windows Server 2003 with Service Pack 1
At least Windows Server 2003 with Service Pack 1
At least Windows Server 2003 with Service Pack 1
At least Windows Server 2003
At least Windows 2000 Terminal Services
At least Windows 2000 Terminal Services
At least Windows 8 Enterprise or Windows Server 2012
Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windo
Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windo
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2003 with Service Pack 1
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2003 with Service Pack 2
At least Windows Server 2008 R2
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2008 or Windows 7
At least Windows Server 2008 or Windows 7
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003 with Service Pack 1 only
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003
At least Windows Server 2003
At least Windows Server 2003, Enterprise Edition
At least Windows Server 2003, Enterprise Edition
At least Windows Server 2003, Enterprise Edition
At least Windows Server 2003, Enterprise Edition
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003
At least Windows Server 2003
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Vista with Service Pack 1
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista with Service Pack 1
At least Windows Server 2012 R2 or Windows 8.1
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only
At least Windows 7 with Service Pack 1 or Windows Server 2008 R2 with Service Pack 1
Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only
Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
MicrosoftWindowsVista_SP1
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008 R2 and Windows 7
Windows Server 2008 R2 and Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10 Version 1703
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
SUPPORTED_Windows_10_0_NOARM
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems, Windows XP Professional Service Pack 1, or Windows 2000 Ser
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2008 and Windows Vista
Windows Server 2008 and Windows Vista
At least Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008, Windows 7,
At least Windows Server, Windows 10 Version 1703
At least Windows Server or Windows 10
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012 or Windows 8
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 or Windows 8
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012 or Windows 8
Windows Server 2008 and Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012 or Windows 8
Windows Server 2008, Windows 7, and Windows Vista
At least Windows Server 2012 or Windows 8
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 or Windows 8
At least Windows Server, Windows 10 Version 1703
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012 or Windows 8
At least Windows Server 2012 or Windows 8
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012 or Windows 8
At least Windows Server 2012 or Windows 8
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
Windows Vista only
Windows Vista only
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Server 2008
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows Server, Windows 10 Version 1709
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2008, Windows Server 2003, Windows Vista, Windows XP, and Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows 2000
At least Windows 2000
Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, Windows XP, and Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows 2000
At least Windows 2000
Windows XP Professional only
At least Windows 2000
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows Server 2003 operating systems or Windows XP Professional
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows 2000
At least Windows 2000
At least Windows Server 2003
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Vista
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Server 2003, Windows XP, and Windows 2000 only
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows XP Professional with SP2
At least Windows 10 Redstone
At least Windows 10 Redstone
At least Windows Server 2003
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Media Player 11 for Windows XP or Windows Media Player 11 for Windows Vista or later.
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Media Player for Windows XP and later.
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Media Player 9 Series and later.
Windows Media Player 9 Series and later.
Windows Media Player for Windows XP and later.
Windows Media Player for Windows XP and later.
Windows Server 2003, Windows XP, and Windows 2000 only
Windows Media Player 9 Series and later.
Windows Media Player for Windows XP and later.
Windows Media Player for Windows XP and later.
Windows Media Player for Windows XP and later.
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Server 2003 operating systems or Windows XP Professional
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
Windows XP Professional only
Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP SP2
Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP SP2
Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP SP2
Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP SP2
At least Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 through Windows 8.1
Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3
At least Windows XP Professional Service Pack 1 or Windows 2000 Service Pack 3, excluding Windows RT
At least Windows XP Professional Service Pack 1 or Windows 2000 Service Pack 3, excluding Windows RT
At least Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 through Windows 8.1
At least Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 through Windows 8.1
At least Windows Vista through Windows 8.1 or Windows Server 2012 R2 with most current service pack
Windows Server 2008, Windows 7, and Windows Vista
Windows Server 2008, Windows 7, and Windows Vista
Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3
At least Windows Server 2012, Windows 8 or Windows RT
Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2003, Windows XP SP2, Windows XP SP1
Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2003, Windows XP SP2, Windows XP SP1
Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2003, Windows XP SP2, Windows XP SP1
At least Windows XP Professional Service Pack 1 or Windows 2000 Service Pack 3, excluding Windows RT
At least Windows Server 2003 operating systems or Windows XP Professional with SP1, excluding Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server, Windows 10 Version 1709
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server or Windows 10
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows Server or Windows 10
At least Windows Vista
At least Windows Vista
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows Vista
At least Windows 2000
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows 10
At least Windows 10
At least Windows Vista
At least Windows 10
At least Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server, Windows 10
At least Windows 10
At least Windows Vista
At least Windows Server 2008 R2 or Windows 7
At least Windows Server 2008 R2 or Windows 7
At least Windows Server, Windows 10 Version 1703
At least Windows Server 2012 R2 or Windows 8.1
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server 2012 R2, Windows 8.1 or Windows RT 8.1
At least Windows Server, Windows 10
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server 2012, Windows 8 or Windows RT
At least Windows Server, Windows 10
At least Windows Server, Windows 10 Version 1703
Help Text
This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX cont
This policy setting controls the installation of ActiveX controls for sites in Trusted zone. If you enable this policy setting, ActiveX
Specifies the category of programs that appears when users open the "Add New Programs" page. If you enable this setting, on
Removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from
Removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using
Prevents users from viewing or installing published programs. This setting removes the "Add programs from your network" sec
Removes the Add New Programs button from the Add or Remove Programs bar. As a result, users cannot view or change the att
Prevents users from using Add or Remove Programs. This setting removes Add or Remove Programs from Control Panel and re
Removes the Set Program Access and Defaults button from the Add or Remove Programs bar. As a result, users cannot view or
Removes the Change or Remove Programs button from the Add or Remove Programs bar. As a result, users cannot view or cha
Prevents users from using Add or Remove Programs to configure installed services. This setting removes the "Set up services"
Removes links to the Support Info dialog box from programs on the Change or Remove Programs page. Programs listed on the
Removes the Add/Remove Windows Components button from the Add or Remove Programs bar. As a result, users cannot view
This policy setting determines whether users can get preview builds of Windows, by configuring controls in Settings > Update a
Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launch
This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on t
The policy controls the state of the Application Telemetry engine in the system. Application Telemetry is a mechanism that trac
The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides ge
This policy controls the state of the application compatibility engine in the system. The engine is part of the loader and looks t
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the u
This policy setting controls the state of Steps Recorder. Steps Recorder keeps a record of steps taken by the user. The data gene
This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications, files, devices,
This policy setting enables application isolation through Windows Defender Application Guard (Application Guard). Application
This policy setting allows you to decide how the clipboard behaves while in Windows Defender Application Guard (Application
This policy setting allows you to decide how the print functionality behaves while in Windows Defender Application Guard (App
This policy setting allows you to decide whether websites can load non-enterprise content in Microsoft Edge and Internet Explo
This policy setting allows you to decide whether data should persist across different sessions in Windows Defender Application
This policy setting allows you to decide whether auditing events can be collected from Windows Defender Application Guard (A
This policy setting specifies whether Windows apps can access account information. You can specify either a default setting fo
This policy setting specifies whether Windows apps can access the calendar. You can specify either a default setting for all app
This policy setting specifies whether Windows apps can access call history. You can specify either a default setting for all apps o
This policy setting specifies whether Windows apps can access the camera. You can specify either a default setting for all apps
This policy setting specifies whether Windows apps can access contacts. You can specify either a default setting for all apps or
This policy setting specifies whether Windows apps can access email. You can specify either a default setting for all apps or a p
This policy setting specifies whether Windows apps can access location. You can specify either a default setting for all apps or
This policy setting specifies whether Windows apps can read or send messages (text or MMS). You can specify either a default
This policy setting specifies whether Windows apps can access the microphone. You can specify either a default setting for all
This policy setting specifies whether Windows apps can access motion data. You can specify either a default setting for all app
This policy setting specifies whether Windows apps can access notifications. You can specify either a default setting for all app
This policy setting specifies whether Windows apps can make phone calls. You can specify either a default setting for all apps o
This policy setting specifies whether Windows apps have access to control radios. You can specify either a default setting for a
This policy setting specifies whether Windows apps can communicate with unpaired wireless devices. You can specify either a
This policy setting specifies whether Windows apps can access tasks. You can specify either a default setting for all apps or a p
This policy setting specifies whether Windows apps can access trusted devices. You can specify either a default setting for all a
This policy setting specifies whether Windows apps can run in the background. You can specify either a default setting for all a
This policy setting specifies whether Windows apps can get diagnostic information about other Windows apps, including user n
This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for dis
Specifies directory where all new applications and updates will be installed.
Specifies how new packages should be loaded automatically by App-V on a specific computer.
Overrides source location for downloading package content.
Specifies the number of times to retry a dropped session.
Specifies the number of seconds between attempts to reestablish a dropped session.
Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
Specifies the path to a valid certificate in the certificate store.
Verifies Server certificate revocation status before streaming using HTTPS.
Specifies that streamed package contents will be not be saved to the local hard disk.
This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network
Requires admin privileges to publish and unpublish packages and connection groups.
If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this
Reporting Server URL: Displays the URL of reporting server. Reporting Time: When the client data should be reported to the se
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Publishing Server Display Name: Displays the name of publishing server. Publishing Server URL: Displays the URL of publishing
Enables a UX to display to the user when a publishing refresh is performed on the client.
Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.
Enables scripts defined in the package manifest of configuration files that should run.
Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='d
Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;so
Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file ty
Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file ty
The program collects information about computer hardware and how you use Microsoft Application Virtualization without inte
Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, br
Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
Enables background sync to server when on battery power.
This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store a
This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special pro
Allows or denies development of Windows Store applications and installing them directly from an IDE. If you enable this settin
This policy setting allows you to manage installing Windows apps on additional volumes such as secondary partitions, USB driv
Prevent users' app data from moving to another location when an app is moved or installed on another location. If you enable
Manages a Windows app's ability to share data between users who have installed the app. If you enable this policy, a Window
This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Be
This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Be
This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme
This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme
This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to
This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of t
This policy setting controls whether Windows Store apps with Windows Runtime API access directly from web content can be l
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are regis
This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments. Preferring th
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachment
This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments
This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types
This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types, Wind
This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file
This policy setting determines what information is logged in security audit events when a new process has been created. This s
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf file
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf file
This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected.
This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected.
This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert med
This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert med
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting, AutoPlay is not
This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting preve
This policy setting controls whether OS Reactivation is blocked on a device. Policy Options: - Not Configured (default -- Wind
This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configu
This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. B
This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permiss
This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initi
This policy setting determines whether enhanced anti-spoofing is required for Windows Hello face authentication. If you enab
This policy setting specifies the number of days a pending BITS job can remain inactive before the job is considered abandoned
This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files i
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfe
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfe
This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfe
This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific
This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to m
This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache, as a percentage of the to
This policy setting specifies whether the computer will act as a BITS peer caching client. By default, when BITS peer caching is e
This policy setting specifies whether the computer will act as a BITS peer caching server. By default, when BITS peer caching is
This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers fr
This policy setting defines the default behavior that the Background Intelligent Transfer Service (BITS) uses for background tran
This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the to
This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs
This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use
This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited
This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component
This policy setting allow the use of Camera devices on the machine. If you enable or do not configure this policy setting, Came
If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Mana
This policy setting will enable tagging of Windows Customer Experience Improvement data when a study is being conducted. I
This policy setting determines the cipher suites used by the Secure Socket Layer (SSL). If you enable this policy setting, SSL ciph
This policy setting determines the priority order of ECC curves used with ECDHE cipher suites. If you enable this policy setting,
This policy setting lets you configure Windows spotlight on the lock screen. If you enable this policy setting, "Windows spotligh
This policy setting lets you turn off all Windows Spotlight features at once. If you enable this policy setting, Windows spotlight
This policy setting lets you prevent Windows from using diagnostic data to provide tailored experiences to the user. If you enab
This policy setting turns off experiences that help consumers make the most of their devices and Microsoft account. If you ena
This policy setting prevents Windows tips from being shown to users. If you enable this policy setting, users will no longer see
If you enable this policy, Windows spotlight features like lock screen spotlight, suggested apps in Start menu or Windows tips w
If you enable this policy, Windows Spotlight notifications will no longer be shown on Action Center. If you disable or do not con
This policy setting lets you turn off the Windows Spotlight Windows Welcome experience. This feature helps onboard users to
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that
Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.
Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the oth
Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others.
Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications, since comma
Prevents users from sharing the whole desktop. They will still be able to share individual applications.
Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications, since Explorer
Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference.
Disables the audio feature of NetMeeting. Users will not be able to send or receive audio.
Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality, but older audio h
Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older
Prevents users from receiving video. Users will still be able to send video provided they have the hardware."
Prevents users from sending video if they have the hardware. Users will still be able to receive video from others.
Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the rig
Make the automatic acceptance of incoming calls persistent.
Disables the Chat feature of NetMeeting.
Disables the T.126 whiteboard feature of NetMeeting.
Disables the 2.x whiteboard feature of NetMeeting. The 2.x whiteboard is available for compatibility with older versions of Ne
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their com
Configures NetMeeting to download settings for users each time it starts. The settings are downloaded from the URL listed in t
Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.
Prevents users from turning on automatic acceptance of incoming calls. This ensures that others cannot call and connect to Ne
Prevents users from changing the way calls are placed, either directly or via a gatekeeper server.
Disables the directory feature of NetMeeting. Users will not logon to a directory (ILS) server when NetMeeting starts. Users w
Prevents users from receiving files from others in a conference.
Prevents users from sending files to others in a conference.
Prevents users from viewing directories as Web pages in a browser.
Limits the size of files users can send to others in a conference.
Sets the URL NetMeeting will display when the user chooses the Help Online Support command.
Sets the level of security for both outgoing and incoming NetMeeting calls.
Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement m
Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.
Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwid
Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication setti
Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.
This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Co
This policy setting controls the default Control Panel view, whether by category or icons. If this policy setting is enabled, the Co
Disables all Control Panel programs and the PC settings app. This setting prevents Control.exe and SystemSettings.exe, the pro
This policy setting controls which Control Panel items such as Mouse, System, or Personalization, are displayed on the Control P
Specifies the list of pages to show or hide from the System Settings app. This policy allows an administrator to block a given se
Enables or disables the retrieval of online tips and help for the Settings app. If disabled, Settings will not contact Microsoft con
Disables the Display Control Panel. If you enable this setting, the Display Control Panel does not run. When users try to start D
Removes the Settings tab from Display in Control Panel. This setting prevents users from using Control Panel to add, configure,
Disables the Color (or Window Color) page in the Personalization Control Panel, or the Color Scheme dialog in the Display Cont
Note: This setting is obsolete and will not be available in the future. Use "Prevent changing lock screen and logon image" instea
Note: This setting is obsolete and will not be available in the future. Use "Do not display the lock screen" or "Prevent enabling l
Note: This setting is obsolete and will not be available in the future. Use "Force a specific default lock screen and logon image"
Note: This setting is obsolete and will not be available in the future. Use "Require a password when a computer wakes" instead
Note: This setting is obsolete and will not be available in the future. Use "Specify the sleep timeout" instead. Specifies how mu
Prevents users from adding or changing the background design of the desktop. By default, users can use the Desktop Backgrou
Prevents users from changing the sound scheme. By default, users can use the Sounds tab in the Sound Control Panel to add, r
Prevents users from changing the mouse pointers. By default, users can use the Pointers tab in the Mouse Control Panel to add
Prevents users from changing the desktop icons. By default, users can use the Desktop Icon Settings dialog in the Personalizati
This setting forces the theme color scheme to be the default color scheme. If you enable this setting, a user cannot change the
This setting disables the theme gallery in the Personalization Control Panel. If you enable this setting, users cannot change or s
Specifies which theme file is applied to the computer the first time a user logs on. If you enable this setting, the theme that yo
Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens. When en
This setting allows you to force a specific visual style file by entering the path (location) of the visual style file. This can be a loc
Prevents users from changing the size of the font in the windows and buttons displayed on their screens. If this setting is enab
This policy setting controls whether the lock screen appears for users. If you enable this policy setting, users that are not requi
Prevents users from changing the background image shown when the machine is locked or when on the logon screen. By defa
Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen. By defau
Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen. By
Forces Windows to use the specified colors for the background and accent. The color values are specified in hex as #RGB. By d
Forces the Start screen to use one of the available backgrounds, 1 through 20, and prevents the user from changing it. If this s
Prevents users from changing the look of their start menu background, such as its color or accent. By default, users can change
This setting allows you to force a specific default lock screen and logon image by entering the path (location) of the image file.
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account p
This policy setting specifies a default logon domain, which might be a different domain than the domain to which the compute
This policy setting allows the administrator to exclude the specified credential providers from use during authentication. Note
This policy setting allows you to control whether a domain user can sign in using a convenience PIN. If you enable this policy se
This policy setting allows you to control whether a domain user can sign in using a picture password. If you enable this policy s
This policy setting allows you to control whether a user can change the time before a password is required when a Connected S
This policy setting allows the administrator to assign a specified credential provider as the default credential provider. If you en
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). This polic
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you en
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you en
This policy setting applies to applications using the Cred SSP component (for example: Remote Desktop Connection). If you en
When running in Restricted Admin or Remote Credential Guard mode, participating apps do not expose signed in or supplied c
Remote host allows delegation of non-exportable credentials When using credential delegation, devices provide an exportable
This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running applicatio
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or o
This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you
This policy setting allows you to configure the display of the password reveal button in password entry user experiences. If you
This policy setting prevents users from changing their Windows password on demand. If you enable this policy setting, the 'Ch
This policy setting prevents users from locking the system. While locked, the desktop is hidden and the system cannot be used
This policy setting prevents users from starting Task Manager. Task Manager (taskmgr.exe) lets users start and stop programs; m
This policy setting disables or removes all menu items and buttons that log the user off the system. If you enable this policy se
This policy setting determines the amount of Windows diagnostic data sent to Microsoft. A value of 0 (Security) will send minim
This policy setting determines the amount of Windows diagnostic data sent to Microsoft. A value of 0 (Security) will send minim
This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device be
With this policy setting, you can forward Connected User Experience and Telemetry requests to a proxy server. If you enable th
This policy setting defines the identifier used to uniquely associate this device’s telemetry data as belonging to a given organiza
This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated pro
This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific se
Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" lis
Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation se
Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates.
Group ID must be set as a GUID. This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to cr
Specifies the maximum upload bandwidth that Delivery Optimization uses across all concurrent upload activities in KB/second.
Specifies the maximum cache size that Delivery Optimization uses as a percentage of available disk size (1-100).
Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0
Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully
Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar mo
Specifies the minimum download QoS (Quality of Service or speed) for background downloads in KiloBytes/second. This policy
Specifies the drive Delivery Optimization shall use for its cache. By default, %SystemDrive% is used to store the cache. The drive
Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activ
Specifies the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a per
Specifies the minimum content file size in MB enabled to use Peer Caching. Recommended values: 1 MB to 100000 MB.
Specify "true" to allow the device to participate in Peer Caching while connected via VPN to the domain network. This means t
Specifies the minimum RAM size in GB required to use Peer Caching. For example if the minimum set is 1 GB, then devices with
Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The cloud service set default valu
Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on DC p
Enables Active Desktop and prevents users from disabling it. This setting prevents users from trying to enable or disable Active
Disables Active Desktop and prevents users from enabling it. This setting prevents users from trying to enable or disable Active
Prevents the user from enabling or disabling Active Desktop or changing the Active Desktop configuration. This is a comprehen
Adds and deletes specified Web content items. You can use the "Add" box in this setting to add particular Web-based items or
Prevents users from adding Web content to their Active Desktop. This setting removes the "New" button from Web tab in Disp
Prevents users from removing Web content from their Active Desktop. In Active Desktop, you can add items to the desktop bu
Prevents users from deleting Web content from their Active Desktop. This setting removes the Delete button from the Web tab
Prevents users from changing the properties of Web content items on their Active Desktop. This setting disables the Propertie
Removes Active Desktop content and prevents users from adding Active Desktop content. This setting removes all Active Desk
Permits only bitmap images for wallpaper. This setting limits the desktop background ("wallpaper") to bitmap (.bmp) files. If us
Specifies the desktop background ("wallpaper") displayed on all users' desktops. This setting lets you specify the wallpaper on
Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional fi
Hides the Active Directory folder in Network Locations. The Active Directory folder displays Active Directory objects in a brows
Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory.
Prevents users from changing the path to their profile folders. By default, a user can change the location of their individual pro
Removes icons, shortcuts, and other default and user-defined items from the desktop, including Briefcase, Recycle Bin, Compu
Prevents users from using the Desktop Cleanup Wizard. If you enable this setting, the Desktop Cleanup wizard does not autom
Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar. This setting does not prev
This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view o
Removes most occurrences of the My Documents icon. This setting removes the My Documents icon from the desktop, from F
Removes the Network Locations icon from the desktop. This setting only affects the desktop icon. It does not prevent users fro
This setting hides Properties on the context menu for Computer. If you enable this setting, the Properties option will not be pr
This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon. If you enable this p
Remote shared folders are not added to Network Locations whenever you open a document in the shared folder. If you disable
Removes most occurrences of the Recycle Bin icon. This setting removes the Recycle Bin icon from the desktop, from File Explo
Removes the Properties option from the Recycle Bin context menu. If you enable this setting, the Properties option will not be
Prevents users from saving certain changes to the desktop. If you enable this setting, users can change the desktop, but some
Prevents users from manipulating desktop toolbars. If you enable this setting, users cannot add or remove toolbars from the d
Prevents users from adjusting the length of desktop toolbars. Also, users cannot reposition items or toolbars on docked toolbar
Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you
Changes behavior of Microsoft bus drivers to work with specific devices.
Changes behavior of 3rd-party drivers to work around incompatibilities introduced between OS versions.
This policy allows users to use a companion device, such as a phone, fitness band, or IoT device, to sign on to a desktop compu
Specifies whether Virtualization Based Security is enabled. Virtualization Based Security uses the Windows Hypervisor to prov
Deploy Windows Defender Application Control This policy setting lets you deploy a Code Integrity Policy to a machine to contr
This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with dr
This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If y
This policy setting allows you to prevent Windows from creating a system restore point during device activity that would norma
This policy setting allows you to allow or deny remote access to the Plug and Play interface. If you enable this policy setting, r
This policy setting allows you to determine whether members of the Administrators group can install and update the drivers fo
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Wi
This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Wi
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allo
This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is pre
This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when t
This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting
This policy setting establishes the amount of time (in seconds) that the system will wait to reboot in order to enforce a change
This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a p
This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and
This policy setting specifies a list of device setup class GUIDs describing device drivers that non-administrator members of the b
Determines how the system responds when a user tries to install device driver files that are not digitally signed. This setting es
This policy setting allows you to turn off "Found New Hardware" balloons during device installation. If you enable this policy se
Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This p
Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastr
This setting configures the location that Windows searches for drivers when a new piece of hardware is found. By default, Win
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the In
Specifies whether the administrator will be prompted about going to Windows Update to search for device drivers using the In
This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable
This policy setting allows you to specify the search server that Windows uses to find updates for device drivers. If you enable t
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy
This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain control
Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketpla
Specifies whether Digital Locker can run. Digital Locker is a dedicated download manager associated with Windows Marketpla
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T.
This policy setting determines the execution level for S.M.A.R.T.-based disk diagnostics. Self-Monitoring And Reporting Techno
This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system. If you enable this policy
This policy setting turns off power save mode on the hybrid hard disks in the system. If you enable this policy setting, the hard
This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you hav
This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting, frequently written fi
This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer, and prevents users from
This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting. If you ena
This policy setting specifies the default disk quota limit and warning level for new users of the volume. This policy setting dete
This policy setting determines whether the system records an event in the local Application log when users reach their disk quo
This policy setting determines whether the system records an event in the Application log when users reach their disk quota w
This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media. If you disable
GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. This policy setting lets you spec
GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware. This policy setting lets you spec
Specifies that Distributed Link Tracking clients in this domain may use the Distributed Link Tracking (DLT) server, which runs on
Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes, and those confi
Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes
Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution. To use this policy setti
Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of it
Specifies if DNS client computers will register PTR resource records. By default, DNS clients configured to perform dynamic DN
Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update
Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses. This polic
Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to comp
Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this p
Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name. An un
Specifies the security level for dynamic DNS updates. To use this policy setting, click Enabled and then select one of the follow
Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level d
Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process. With devolution, a DNS
Specifies if the devolution level that DNS clients will use if they perform primary DNS suffix devolution during the name resoluti
Specifies that link local multicast name resolution (LLMNR) is disabled on client computers. LLMNR is a secondary name resolu
Specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the
Specifies that a multi-homed DNS client should optimize name resolution across networks. The setting improves performance
Specifies that the DNS client should prefer responses from link local name resolution protocols on non-domain networks over D
Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualified domain names. If you enable this policy setting
Specifies that responses from link local name resolution protocols received over a network interface that is higher in the bindin
Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on
Specifies whether the DNS client should convert internationalized domain names (IDNs) to the Nameprep form, a canonical Un
This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maxim
This policy setting controls the appearance of window animations such as those found when restoring, minimizing, and maxim
This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the W
This policy setting allows you to configure the accessibility of the Flip 3D feature. Flip 3D allows the user to view items on the W
This policy setting controls the Start background visuals. If you enable this policy setting, the Start background will use a solid
This policy setting controls the default color for window frames when the user does not specify a color. If you enable this polic
This policy setting controls the default color for window frames when the user does not specify a color. If you enable this polic
This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent user
This policy setting controls the ability to change the color of window frames. If you enable this policy setting, you prevent user
This policy setting allows you to turn on logging of misconversion for the misconversion report. If you enable this policy setting
This policy setting allows you to turn off saving the auto-tuning result to file. If you enable this policy setting, the auto-tuning d
This policy setting allows you to turn off history-based predictive input. If you enable this policy setting, history-based predictiv
This policy setting allows you to turn off Open Extended Dictionary. If you enable this policy setting, Open Extended Dictionary
This policy setting allows you to turn off Internet search integration. If you enable this policy setting, you cannot add a new sea
This policy setting allows you to turn off the ability to use a custom dictionary. If you enable this policy setting, you cannot add
This policy setting allows you to restrict character code range of conversion by setting character filter. If you enable this policy
This policy setting allows you to include the Non-Publishing Standard Glyph in the candidate list when Publishing Standard Glyp
This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't e
This policy setting controls the cloud candidates feature, which uses an online service to provide input suggestions that don't e
This policy setting controls the lexicon update feature, which downloads hot and popular words lexicon to local PC. If you enab
This policy setting allows you to specify which boot-start drivers are initialized based on a classification determined by an Early
If you enable this setting, users will not be allowed to switch between recent apps. The App Switching option in the PC settings
This policy setting prevents Windows from keeping track of the apps that are used and searched most frequently. If you enable
This policy setting allows you to prevent the last app and the list of recent apps from appearing when the mouse is pointing to
This policy setting allows you to prevent Search, Share, Start, Devices, and Settings from appearing when the mouse is pointing
This policy setting allows you to prevent users from replacing the Command Prompt with Windows PowerShell in the menu the
Disables help tips that Windows shows to the user. By default, Windows will show the user help tips until the user has success
Disables help tips that Windows shows to the user. By default, Windows will show the user help tips until the user has success
If you disable this policy setting, users will not be able to invoke any system UI by swiping in from any screen edge. If you enab
If you disable this policy setting, users will not be able to invoke any system UI by swiping in from any screen edge. If you enab
This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder. If you enable this policy s
This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing on
This policy setting locks Enhanced Storage devices when the computer is locked. This policy setting is supported in Windows S
This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer. If you e
This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device. If you enable this
This policy setting configures whether or not Windows will activate an Enhanced Storage device. If you enable this policy settin
This policy setting allows you to create a list of IEEE 1667 silos, compliant with the Institute of Electrical and Electronics Enginee
This policy setting allows you to configure a list of Enhanced Storage devices by manufacturer and product ID that are usable o
This policy setting configures how errors are reported to Microsoft, and what information is sent when Windows Error Reportin
This policy setting controls whether users are shown an error dialog box that lets them report an error. If you enable this polic
This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal se
This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal se
This policy setting prevents the display of the user interface for critical errors. If you enable this policy setting, Windows Error R
This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log
This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log
This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically. If you en
This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically. If you en
This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CA
This policy setting determines whether Windows Error Reporting (WER) sends additional, second-level report data even if a CA
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automa
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automa
This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By
This policy setting determines whether Windows Error Reporting (WER) checks if the computer is running on battery power. By
This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amo
This policy setting determines whether Windows Error Reporting (WER) checks for a network cost policy that restricts the amo
This policy setting controls whether errors in general applications are included in reports when Windows Error Reporting is ena
This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting
This policy setting specifies applications for which Windows Error Reporting should always report errors. To create a list of app
This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled. If you en
This policy setting controls the behavior of the Windows Error Reporting archive. If you enable this policy setting, you can confi
This policy setting controls the behavior of the Windows Error Reporting archive. If you enable this policy setting, you can confi
This policy setting specifies a corporate server to which Windows Error Reporting sends reports (if you do not want to send err
This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is
This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is
This policy setting determines the behavior of the Windows Error Reporting report queue. If you enable this policy setting, you
This policy setting determines the behavior of the Windows Error Reporting report queue. If you enable this policy setting, you
This policy setting determines the consent behavior of Windows Error Reporting for specific event types. If you enable this pol
This policy setting determines the consent behavior of Windows Error Reporting for specific event types. If you enable this pol
This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings. If y
This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings. If y
This policy setting determines the default consent behavior of Windows Error Reporting. If you enable this policy setting, you c
This policy setting determines the default consent behavior of Windows Error Reporting. If you enable this policy setting, you c
This policy setting allows you to configure the server address, refresh interval, and issuer certificate authority (CA) of a target S
This policy setting controls resource usage for the forwarder (source computer) by controlling the events/per second sent to th
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain o
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and sho
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain o
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and sho
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain o
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and
This policy setting turns on logging. If you enable or do not configure this policy setting, then events can be written to this log.
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and sho
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain o
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting specifies the security descriptor to use for the log using the Security Descriptor Definition Language (SDDL) s
This policy setting controls Event Log behavior when the log file reaches its maximum size. If you enable this policy setting and
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and sho
This policy setting specifies the maximum size of the log file in kilobytes. If you enable this policy setting, you can configure the
This policy setting lets you configure Protected Event Logging. If you enable this policy setting, components that support it will
This is the program that will be invoked when the user clicks the events.asp link.
This specifies the command line parameters that will be passed to the events.asp program
This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to u
Specify a common set of Windows Defender Exploit Guard system and application mitigation settings that can be applied to all
This policy setting configures File Explorer to always display the menu bar. Note: By default, the menu bar is not displayed in Fi
This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Use
This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explore
Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by
This policy setting allows administrators who have configured roaming profile in conjunction with Delete Cached Roaming Profi
This policy setting controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace
Specifies whether the PC can use the hibernation sleep state (S4) when started from a Windows To Go workspace. If you enab
Specifies whether the PC can use standby sleep states (S1-S3) when starting from a Windows To Go workspace. If you enable t
This policy setting allows an organization to prevent its devices from showing feedback questions from Microsoft. If you enable
This policy allows users to use a FIDO device, such as a phone, NFC card, to sign on to a desktop computer running Windows 10
This policy setting allows you to turn off File History. If you enable this policy setting, File History cannot be activated to create
This policy setting allows you to configure the recovery behavior for corrupted files to one of three states: Regular: Detection,
Windows Runtime applications can protect content which has been associated with an enterprise identifier (EID), but can only
Determines whether the RPC protocol messagese used by VSS for SMB2 File Shares feature is enabled. VSS for SMB2 File Shar
Symbolic links can introduce vulnerabilities in certain applications. To mitigate this issue, you can selectively enable or disable t
Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond th
Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and crea
Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creatio
Encrypting the page file prevents malicious users from reading data that has been paged to disk, but also adds processing over
These settings provide control over whether or not short names are generated during file creation. Some applications require
Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operatio
TXF deprecated features included savepoints, secondary RM, miniversion and roll forward. Please enable it if you want to use t
This policy turns on Find My Device. When Find My Device is on, the device and its location are registered in the cloud so that
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Program
This policy setting allows you to control whether all redirected shell folders, such as Contacts, Documents, Desktop, Favorites, M
This policy setting allows you to control whether individual redirected shell folders are available offline by default. For the fold
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Program
This policy setting controls whether the contents of redirected folders is copied from the old location to the new location or sim
This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to im
This policy setting controls whether folders are redirected on a user's primary computers only. This policy setting is useful to im
This policy setting shows or hides the Details Pane in File Explorer. If you enable this policy setting and configure it to hide the
Hides the Preview Pane in File Explorer. If you enable this policy setting, the Preview Pane in File Explorer is hidden and canno
This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption pro
Windows Game Recording and Broadcasting. This setting enables or disables the Windows Game Recording and Broadcasting
Manages download of game box art and ratings from the Windows Metadata Services. If you enable this setting, game inform
Tracks the last play time of games in the Games folder. If you enable this setting the last played time of games will not be recor
Manages download of game update information from Windows Metadata Services. If you enable this setting, game update inf
This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the
This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the
This policy setting restricts the permitted system locales to the specified list. If the list is empty, it locks the system locale to its
This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is r
This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to
This policy setting restricts users on a computer to the specified list of user locales. If the list is empty, it locks all user locales to
This policy setting prevents users from changing their user geographical location (GeoID). If you enable this policy setting, user
This policy setting prevents users from changing their user geographical location (GeoID). If you enable this policy setting, user
This policy setting prevents the user from customizing their locale by changing their user overrides. Any existing overrides in p
This policy setting prevents the user from customizing their locale by changing their user overrides. Any existing overrides in p
This policy setting removes the Administrative options from the Region settings control panel. Administrative options include i
This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control pan
This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional O
This policy setting removes the regional formats interface from the Region settings control panel. This policy setting is used on
This policy setting restricts the Windows UI language for all users. This is a policy setting for computers with more than one UI
This policy setting restricts the Windows UI language for specific users. This policy setting applies to computers with more than
This policy setting controls which UI language is used for computers with more than one UI language installed. If you enable th
This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region setting
This policy turns off the offer text predictions as I type option. This does not, however, prevent the user or an application from
This policy turns off the insert a space after selecting a text prediction option. This does not, however, prevent the user or an a
This policy turns off the autocorrect misspelled words option. This does not, however, prevent the user or an application from
This policy turns off the highlight misspelled words option. This does not, however, prevent the user or an application from cha
This policy setting controls whether the LPRemove task will run to clean up language packs installed on a machine but are not u
This policy enables the automatic learning component of input personalization that includes speech, inking, and typing. Autom
This policy setting determines how programs interpret two-digit years. This policy setting affects only the programs that use th
This policy setting turns off the automatic learning component of handwriting recognition personalization. Automatic learning
This policy setting turns off the automatic learning component of handwriting recognition personalization. Automatic learning
This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Re
This security feature provides a global setting to prevent programs from loading untrusted fonts. Untrusted fonts are any font in
This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a
This security feature provides a means to override individual process MitigationOptions settings. This can be used to enforce a
This policy setting determines whether Windows is allowed to download fonts and font catalog data from an online font provid
This policy setting determines whether the Windows device is allowed to participate in cross-device experiences (continue exp
This policy setting determines whether Windows supports web-to-app linking with app URI handlers. Enabling this policy setti
This policy setting allows you to configure Group Policy caching behavior. If you enable or do not configure this policy setting,
This policy setting allows you to configure Group Policy caching behavior on Windows Server machines. If you enable this polic
Enter “0” to disable Logon Script Delay. This policy setting allows you to configure how long the Group Policy client waits afte
Enabling this setting will cause the Group Policy Client to connect to the same domain controller for DFS shares as is being used
This policy setting prevents the Group Policy Client Service from stopping when idle.
This policy setting allows an administrator to define the Direct Access connection to be considered a fast network connection f
This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (th
This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied. By default, the policy settings in Local
This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy proce
This policy setting allows user-based policy processing, roaming user profiles, and user object logon scripts for interactive logon
This policy setting determines when software installation policies are updated. This policy setting affects all policy settings that
This policy setting determines when disk quota policies are updated. This policy setting affects all policies that use the disk quo
This policy setting determines when encryption policies are updated. This policy setting affects all policies that use the encrypti
This policy setting determines when folder redirection policies are updated. This policy setting affects all policies that use the f
This policy setting determines when Internet Explorer Maintenance policies are updated. This policy setting affects all policies
This policy setting determines when IP security policies are updated. This policy setting affects all policies that use the IP secur
This policy setting determines when registry policies are updated. This policy setting affects all policies in the Administrative Te
This policy setting determines when policies that assign shared scripts are updated. This policy setting affects all policies that u
This policy setting determines when security policies are updated. This policy setting affects all policies that use the security co
This policy setting determines when policies that assign wireless network settings are updated. This policy setting affects all po
This policy setting determines when policies that assign wired network settings are updated. This policy setting affects all polic
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. By default, interactively logged
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data. By default, interactively logged
Prevents the system from updating the Administrative Templates source files automatically when you open the Group Policy O
This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group
This policy setting allows you to control a user's ability to invoke a computer policy refresh. If you enable this policy setting, us
This policy setting prevents administrators from viewing or using Group Policy preferences. A Group Policy administration (.adm
This policy setting determines which domain controller the Group Policy Object Editor snap-in uses. If you enable this setting,
This policy setting defines a slow connection for purposes of applying and updating Group Policy. If the rate at which data is tra
This policy setting defines a slow connection for purposes of applying and updating Group Policy. If the rate at which data is tra
This policy setting specifies how often Group Policy for computers is updated while the computer is in use (in the background).
This policy setting specifies how often Group Policy is updated on domain controllers while they are running (in the background
This policy setting specifies how often Group Policy for users is updated while the computer is in use (in the background). This
This policy setting allows you to set the default display name for new Group Policy objects. This setting allows you to specify th
This policy setting allows you to create new Group Policy object links in the disabled state. If you enable this setting, you can cr
This policy setting lets you always use local ADM files for the Group Policy snap-in. By default, when you edit a Group Policy Ob
This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer. RSoP logs information o
This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a com
This policy setting specifies how long Group Policy should wait for workplace connectivity notifications during startup policy pr
This policy setting allows you to configure when preference items in the Applications preference extension are updated. If you
This policy setting allows you to configure the level of detail recorded by event logging for the Applications preference extensio
This policy setting allows you to configure when preference items in the Data Sources preference extension are updated. If you
This policy setting allows you to configure the level of detail recorded by event logging for the Data Sources preference extensi
This policy setting allows you to configure when preference items in the Devices preference extension are updated. If you enab
This policy setting allows you to configure the level of detail recorded by event logging for the Devices preference extension, an
This policy setting allows you to configure when preference items in the Drive Maps preference extension are updated. If you e
This policy setting allows you to configure the level of detail recorded by event logging for the Drive Maps preference extension
This policy setting allows you to configure when preference items in the Environment preference extension are updated. If you
This policy setting allows you to configure the level of detail recorded by event logging for the Environment preference extensio
This policy setting allows you to configure when preference items in the Files preference extension are updated. If you enable
This policy setting allows you to configure the level of detail recorded by event logging for the Files preference extension, and t
This policy setting allows you to configure when preference items in the Folder Options preference extension are updated. If y
This policy setting allows you to configure the level of detail recorded by event logging for the Folder Options preference exten
This policy setting allows you to configure when preference items in the Folders preference extension are updated. If you enab
This policy setting allows you to configure the level of detail recorded by event logging for the Folders preference extension, an
This policy setting allows you to configure when preference items in the Ini Files preference extension are updated. If you enab
This policy setting allows you to configure the level of detail recorded by event logging for the Ini Files preference extension, an
This policy setting allows you to configure when preference items in the Internet Settings preference extension are updated. If
This policy setting allows you to configure the level of detail recorded by event logging for the Internet preference extension, a
This policy setting allows you to configure when preference items in the Local Users and Groups preference extension are upda
This policy setting allows you to configure the level of detail recorded by event logging for the Local User and Local Group prefe
This policy setting allows you to configure when preference items in the Network Options preference extension are updated. I
This policy setting allows you to configure the level of detail recorded by event logging for the Network Options preference ext
This policy setting allows you to configure when preference items in the Network Shares preference extension are updated. If
This policy setting allows you to configure the level of detail recorded by event logging for the Network Shares preference exte
This policy setting allows you to configure when preference items in the Power Options preference extension are updated. If y
This policy setting allows you to configure the level of detail recorded by event logging for the Power Options preference exten
This policy setting allows you to configure when preference items in the Printers preference extension are updated. If you enab
This policy setting allows you to configure the level of detail recorded by event logging for the Printers preference extension, an
This policy setting allows you to configure when preference items in the Regional Options preference extension are updated. I
This policy setting allows you to configure the level of detail recorded by event logging for the Regional Options preference exte
This policy setting allows you to configure when preference items in the Registry preference extension are updated. If you ena
This policy setting allows you to configure the level of detail recorded by event logging for the Registry preference extension, an
This policy setting allows you to configure when preference items in the Scheduled Tasks preference extension are updated. If
This policy setting allows you to configure the level of detail recorded by event logging for the Scheduled Tasks preference exte
This policy setting allows you to configure when preference items in the Services preference extension are updated. If you ena
This policy setting allows you to configure the level of detail recorded by event logging for the Services preference extension, a
This policy setting allows you to configure when preference items in the Shortcuts preference extension are updated. If you en
This policy setting allows you to configure the level of detail recorded by event logging for the Shortcuts preference extension,
This policy setting allows you to configure when preference items in the Start Menu preference extension are updated. If you e
This policy setting allows you to configure the level of detail recorded by event logging for the Start Menu preference extension
This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When proh
This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in
This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension
This policy setting allows you to permit or prohibit use of the Devices preference extension. When a preference extension is pr
This policy setting allows you to permit or prohibit use of the Drive Maps preference extension. When a preference extension i
This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension
This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohi
This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is pro
This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extensio
This policy setting allows you to permit or prohibit use of the Ini Files preference extension. When a preference extension is pro
This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference exten
This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference
This policy setting allows you to permit or prohibit use of the Network Options preference extension. When a preference exten
This policy setting allows you to permit or prohibit use of the Network Shares preference extension. When a preference extens
This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extensio
This policy setting allows you to permit or prohibit use of the Printers preference extension. When a preference extension is pr
This policy setting allows you to permit or prohibit use of the Regional Options preference extension. When a preference exten
This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is pr
This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extens
This policy setting allows you to permit or prohibit use of the Services preference extension. When a preference extension is pr
This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is p
This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension i
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in
This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited, the Preferences tab does not a
The handwriting panel has 2 modes - floats near the text box, or, attached to the bottom of the screen. Default is floating near
This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specifi
This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting, you can p
This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting, you can p
This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Pre
This policy setting specifies whether active content links in trusted assistance content are rendered. By default, the Help viewe
This policy setting specifies whether users can provide ratings for Help content. If you enable this policy setting, ratings contro
This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience
This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows O
This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol
This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If yo
This policy setting specifies whether Windows can access the Internet to accomplish tasks that require Internet resources. If yo
This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically, a c
This policy setting specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to p
This policy setting specifies whether to allow printing over HTTP from this client. Printing over HTTP allows a client to print to p
This policy setting specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing,
This policy setting specifies whether to allow this client to download print driver packages over HTTP. To set up HTTP printing,
This policy setting specifies whether Windows searches Windows Update for device drivers when no local drivers for a device a
This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application. The E
This policy setting specifies whether to show the "Did you know?" section of Help and Support Center. This content is dynamic
This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.
This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Se
This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration. If you
This policy setting controls whether or not errors are reported to Microsoft. Error Reporting is used to report information abou
This policy setting allows you to remove access to Windows Update. If you enable this policy setting, all Windows Update featu
This policy setting specifies whether Search Companion should automatically download content updates during local and Inter
This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandle
This policy setting specifies whether to use the Microsoft Web service for finding an application to open a file with an unhandle
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file typ
This policy setting specifies whether to use the Store service for finding an application to open a file with an unhandled file typ
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering w
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering w
This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders. The Ord
This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders. The Ord
This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the
This policy setting specifies whether the tasks "Publish this file to the Web," "Publish this folder to the Web," and "Publish the
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger so
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger so
This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Imp
This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determ
"This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting
Designates the Audio/Video Player ActiveX control as administrator-approved. This control is used for playing sounds, videos, a
Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved. This control enables e
This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. The
Designates Shockwave flash as an administrator approved control. If you enable this policy, this control can be run in security z
Designates a set of Microsoft Network (MSN) Investor controls as administrator-approved. These controls enable users to view
Designates a set of Microsoft ActiveX controls used to manipulate pop-up menus in the browser as administrator-approved. If
Designates the Microsoft Agent ActiveX control as administrator-approved. Microsoft Agent is a set of software services that s
Designates the Microsoft Chat ActiveX control as administrator-approved. This control is used by Web authors to build text-bas
Designates a set of MSNBC controls as administrator-approved. These controls enable enhanced browsing of news reports on
Designates NetShow File Transfer Control as an administrator approved control. If you enable this policy, this control can be ru
Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to rende
Designates Microsoft Survey Control as an administrator approved control. If you enable this policy, this control can be run in s
This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a
This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a
This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding
This policy setting determines whether Internet Explorer preemptively loads websites and content in the background, speeding
This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run
This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certifica
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certifica
This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the re
This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the re
This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using th
This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using th
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versio
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versio
This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for
This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for
This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. Whe
This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. Whe
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header. If you enable this policy
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header. If you enable this policy
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1. If you enable this policy setting, Internet Ex
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1. If you enable this policy setting, Internet Ex
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections. If you enable th
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections. If you enable th
This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests
This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests
This policy setting determines whether Internet Explorer uses the HTTP2 network protocol. HTTP2 requests help optimize the l
This policy setting determines whether Internet Explorer uses the HTTP2 network protocol. HTTP2 requests help optimize the l
This policy setting allows you to block an insecure fallback to SSL 3.0. When this policy is enabled, Internet Explorer will attemp
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (S
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (S
This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings al
This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings al
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects
This policy setting allows you to manage whether users can automatically download and install Web components (such as font
This policy setting allows you to manage whether users can automatically download and install Web components (such as font
This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Exp
This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Exp
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Expl
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Expl
This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run
This policy setting allows you to manage whether software, such as ActiveX controls and file downloads, can be installed or run
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Gener
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Gener
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only soun
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only soun
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only em
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only em
This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information. If you enable th
This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information. If you enable th
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) infor
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) infor
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder
This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box. If you enable this p
This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box. If you enable this p
This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature
This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you
This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar. If you enable this policy se
This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar. If you enable this policy se
This policy setting allows you to turn on your script debugger, if one is installed. Website developers use script debuggers to tes
This policy setting specifies whether, when there is a problem connecting with an Internet server, to provide a detailed descrip
This policy setting specifies if, as you move from one Web page to another, Internet Explorer fades out of the page you are leav
This policy setting specifies whether to display script errors when a page does not appear properly because of problems with it
This policy setting specifies whether smooth scrolling is used to display content at a predefined speed. If you enable this policy
This policy setting allows you to manage if users can see the button (next to the New Tab button) that opens Microsoft Edge. If
This policy setting allows you to manage if users can see the button (next to the New Tab button) that opens Microsoft Edge. If
This policy setting specifies how you want links on webpages to be underlined. If you enable this policy setting, a user cannot c
This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke
This policy setting determines whether phone numbers are recognized and turned into hyperlinks, which can be used to invoke
Restricts the amount of information downloaded for offline viewing. If you enable this policy, you can set limits to the size and
Prevents users from adding channels to Internet Explorer. Channels are Web sites that are updated automatically on your com
Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available
Prevents channel providers from recording information about when their channel pages are viewed by users who are working
Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their compu
Prevents users from adding, editing, or removing schedules for offline viewing of Web pages and groups of Web pages that use
Prevents users from editing an existing schedule for downloading Web pages for offline viewing. When users make Web pages
Prevents users from disabling channel synchronization in Microsoft Internet Explorer. Channels are Web sites that are automati
Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing. When users mak
Disables existing schedules for downloading Web pages for offline viewing. When users make Web pages available for offline v
Prevents content from being downloaded from Web sites that users have subscribed to. When users make Web pages availabl
This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Dow
This policy setting prevents the user from choosing the default text size in Internet Explorer. If you enable this policy setting, th
Removes the Advanced tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented
Removes the Advanced tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented
Removes the Connections tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevent
Removes the Connections tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevent
If you enable this policy setting, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and
If you enable this policy setting, users are prevented from seeing and changing ratings, certificates, AutoComplete, Wallet, and
Removes the General tab from the interface in the Internet Options dialog box. If you enable this policy, users are unable to se
Removes the General tab from the interface in the Internet Options dialog box. If you enable this policy, users are unable to se
Removes the Privacy tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented fro
Removes the Privacy tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented fro
Removes the Programs tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented
Removes the Programs tab from the interface in the Internet Options dialog box. If you enable this policy, users are prevented
Removes the Security tab from the interface in the Internet Options dialog box. If you enable this policy, it prevents users from
Removes the Security tab from the interface in the Internet Options dialog box. If you enable this policy, it prevents users from
This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized doma
This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized doma
This policy setting determines whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) to encode query st
This policy setting determines whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) to encode query st
This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailt
This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailt
This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors tha
This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors tha
This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8), a standard that defines characters so
This policy setting prevents the user from specifying the background color in Internet Explorer. If you enable this policy setting
This policy setting prevents the user from specifying the text color in Internet Explorer. If you enable this policy setting, the use
This policy setting prevents the user from using Windows colors as a part of the display settings. If you enable this policy settin
This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the u
This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was
This policy setting determines whether Internet Explorer saves log information for ActiveX controls. If you enable this policy se
This policy setting determines whether Internet Explorer saves log information for ActiveX controls. If you enable this policy se
This setting determines whether IE automatically downloads updated versions of Microsoft’s VersionList.XML. IE uses this file t
This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX
This policy setting allows you to stop users from seeing the "Run this time" button and from running specific outdated ActiveX
This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX contro
This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX contro
This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls a
This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls a
This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are
This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denie
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denie
This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add
This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add
This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entere
This policy setting allows you to manage whether the listed processes respect add-on management user preferences (as entere
For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved
For each zone, the Binary and Scripted Behavior security restrictions may be configured to allow only a list of admin-approved
This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with
This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elemen
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files recei
This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explore
This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explore
This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or c
This policy setting allows you to manage whether the Notification bar is displayed for Internet Explorer processes when file or c
This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code insta
This policy setting allows you to manage whether the Notification bar is displayed for specific processes when file or code insta
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
Internet Explorer places zone restrictions on each Web page it opens, which are dependent upon the location of the Web page
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more d
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hoste
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe
File Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from run
File Explorer and Internet Explorer may be configured to prevent active content obtained through restricted protocols from run
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web p
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control insta
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control insta
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this p
This policy setting enables blocking of ActiveX control installation prompts for Internet Explorer processes. If you enable this p
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control insta
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control insta
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that a
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that a
This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file d
This policy setting enables blocking of file download prompts that are not user initiated. If you enable this policy setting, file d
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that a
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that a
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
Internet Explorer allows scripts to programmatically open, resize, and reposition windows of various types. The Window Restric
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
For each zone, the Network Protocol Lockdown security restriction may be configured to prevent active content obtained throu
This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting,
This policy setting allows you to manage the crash detection feature of add-on Management. If you enable this policy setting,
This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide en
This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide en
This policy setting turns off Automatic Crash Recovery. If you enable this policy setting, Automatic Crash Recovery does not pro
This policy setting turns off Automatic Crash Recovery. If you enable this policy setting, Automatic Crash Recovery does not pro
This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Exp
This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Exp
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager. If
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager. If
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, se
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, se
This policy setting allows you to turn on or turn off the earlier menus (for example, File, Edit, and View) in Internet Explorer. If
This policy setting allows you to turn on or turn off the earlier menus (for example, File, Edit, and View) in Internet Explorer. If
This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer. If you enable this
This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer. If you enable this
Prevents automatic proxy scripts, which interact with a server to automatically configure users' proxy settings, from being store
Prevents branding of Internet programs, such as customization of Internet Explorer and Outlook Express logos and title bars, by
Prevents users from changing settings on the Advanced tab in the Internet Options dialog box. If you enable this policy, users a
This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Age
This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Age
Specifies that Automatic Detection will be used to configure dial-up settings for users. Automatic Detection uses a DHCP (Dyna
This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check. If you enable
This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check. If you enable
This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudu
This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudu
This policy setting allows the user to enable the SmartScreen Filter, which warns the user if the website being visited is known
This policy setting allows the user to enable the SmartScreen Filter, which warns the user if the website being visited is known
This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is kno
This policy setting prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is kno
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the use
This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the use
This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine w
This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine w
This policy setting positions the menu bar above the navigation bar. The navigation bar contains icons for a variety of features,
This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block
This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block
Specifies that error messages will be displayed to users if problems occur with proxy scripts. If you enable this policy, error me
This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is
This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is
This policy setting allows you to enforce full-screen mode, which disables the navigation bar, the menu bar, and the Command
This policy setting allows you to enforce full-screen mode, which disables the navigation bar, the menu bar, and the Command
This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser
This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser
This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data
This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data
This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology
This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology
This policy setting prevents the user from zooming in to or out of a page to better see the content. If you enable this policy setti
This policy setting prevents the user from zooming in to or out of a page to better see the content. If you enable this policy setti
Prevents users from configuring unique identities by using Identity Manager. Identity Manager enables users to create multiple
This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer
This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer
This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enable
This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enable
This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to t
This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to t
Allows Administrators to enable and disable the Media Explorer Bar and set the auto-play default. The Media Explorer Bar play
This policy setting prevents the user from performing actions which will delete browsing history. For more information on brow
This policy setting prevents the user from performing actions which will delete browsing history. For more information on brow
This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box
This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box
This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box. I
This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box. I
This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.
This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.
This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in
This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in
This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing
This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing
This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing Hist
This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing Hist
This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data dur
This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data dur
In Internet Explorer 9 and Internet Explorer 10: This policy setting prevents users from deleting ActiveX Filtering and Tracking P
In Internet Explorer 9 and Internet Explorer 10: This policy setting prevents users from deleting ActiveX Filtering and Tracking P
This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History di
This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History di
This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences sele
This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences sele
This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after ins
This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after ins
This policy setting prevents the user from accessing Help in Internet Explorer. If you enable this policy setting, the following oc
This policy setting prevents the user from accessing Help in Internet Explorer. If you enable this policy setting, the following oc
This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available, it includes all
This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available, it includes all
This policy setting allows you to turn off suggestions for all user-installed search providers. If you enable this policy setting, the
This policy setting allows you to turn off suggestions for all user-installed search providers. If you enable this policy setting, the
This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box. If you enab
This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box. If you enab
Prevents Internet Explorer from automatically installing components. If you enable this policy, it prevents Internet Explorer fro
This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms th
This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms th
This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI d
This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI d
This policy setting allows you to specify what is displayed when the user opens a new tab. If you enable this policy setting, you
This policy setting allows you to specify what is displayed when the user opens a new tab. If you enable this policy setting, you
This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer. If you enable this p
This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer. If you enable this policy setting, the e
This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer. If you enable this policy setting, the e
This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.
This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.
Prevents the Internet Explorer splash screen from appearing when users start the browser. If you enable this policy, the splash
This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. St
This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. St
This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Inter
This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Inter
Prevents Internet Explorer from checking whether a new version of the browser is available. If you enable this policy, it preven
This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applica
This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applica
Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potenti
This policy setting allows you to specify a list of web sites that will be allowed to open pop-up windows regardless of the Intern
This policy setting allows you to specify a list of web sites that will be allowed to open pop-up windows regardless of the Intern
If you enable this policy, the user cannot modify the Accessibility options. All options in the "Accessibility" window on the Gene
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet E
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet E
Prevents users from changing the browser cache settings, such as the location and amount of disk space to use for the Tempor
Prevents users from changing the default programs for managing schedules and contacts. If you enable this policy, the Calenda
Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software pub
Prevents Microsoft Internet Explorer from checking to see whether it is the default browser. If you enable this policy, the Inter
This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser. If yo
Prevents users from changing the default Web page colors. If you enable this policy, the color settings for Web pages appear d
Prevents users from changing dial-up settings. If you enable this policy, the Settings button on the Connections tab in the Inter
Prevents users from changing dial-up settings. If you enable this policy, the Settings button on the Connections tab in the Inter
Prevents users from running the Internet Connection Wizard. If you enable this policy, the Setup button on the Connections ta
Prevents users from changing font settings. If you enable this policy, users will not be able to change font settings for viewing W
This AutoComplete feature suggests possible matches when users are filling up forms. If you enable this setting, the user is no
This AutoComplete feature can remember and suggest User names and passwords on Forms. If you enable this setting, the us
This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Tempora
This setting specifies the number of days that Internet Explorer tracks views of pages in the History List. To access the Tempora
The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer
Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever
Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever
Prevents users from changing language preference settings. If you enable this policy, users will not be able to set language pre
Prevents users from changing the colors of links on Web pages. If you enable this policy, the color settings for links appear dim
Prevents users from changing the default programs for messaging tasks. If you enable this policy, the E-mail, Newsgroups, and
You can allow pop-ups from specific websites by adding the sites to the exception list. If you enable this policy setting, the use
You can allow pop-ups from specific websites by adding the sites to the exception list. If you enable this policy setting, the use
This policy setting allows you to manage pop-up management functionality in Internet Explorer. If you enable this policy settin
This policy setting allows you to manage pop-up management functionality in Internet Explorer. If you enable this policy settin
Prevents users from changing Profile Assistant settings. If you enable this policy, the My Profile button appears dimmed in the
This policy setting specifies if a user can change proxy settings. If you enable this policy setting, the user will not be able to con
This policy setting specifies if a user can change proxy settings. If you enable this policy setting, the user will not be able to con
Prevents users from changing ratings that help control the type of Internet content that can be viewed. If you enable this polic
Prevents users from restoring default settings for home and search pages. If you enable this policy, the Reset Web Settings butt
This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history, availa
This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history, availa
This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar. If y
This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar. If y
This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Addres
This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Addres
This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on co
This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on co
Disables using the F3 key to search in Internet Explorer and File Explorer. If you enable this policy, the search functionality of th
Makes the Customize button in the Search Assistant appear dimmed. The Search Assistant is a tool that appears in the Search
Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same secu
Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level. If you
Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same securi
Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new compone
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those define
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those define
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP). If you enable
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP). If you enable
This policy setting allows you to configure how new tabs are created by default in Internet Explorer. If you enable this policy se
This policy setting allows you to configure how new tabs are created by default in Internet Explorer. If you enable this policy se
Applies proxy settings to all users of the same computer. If you enable this policy, users cannot set user-specific proxy settings.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the we
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting controls whether or not the user is allowed to run the TDC ActiveX control on websites. If you enable this po
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into w
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone c
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone c
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local I
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local I
This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned o
This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned o
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for exam
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone. If yo
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone. If yo
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable th
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone. If you enable th
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone nu
This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone nu
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain. If you ena
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain. If you ena
This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping ru
This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping ru
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can ru
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate in
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animati
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting allows you to manage whether the user can run scriptlets. If you enable this policy setting, the user can run
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting determines whether scripted windows are automatically displayed. If you enable this policy setting, scripted
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to manage whether script is allowed to update the status bar within the zone. If you enable this
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulne
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open ex
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted, ClickOn
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting determines whether a page can control embedded WebBrowser controls via script. If you enable this policy
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .N
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Micro
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether script code on pages in the zone is run. If you enable this policy setting, scrip
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste)
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functiona
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when t
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a secu
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. If you
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is p
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. If y
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting,
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether pages of the zone may download HTML fonts. If you enable this policy settin
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this op
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage permissions for Java applets. If you enable this policy setting, you can choose options
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME refere
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage settings for logon options. If you enable this policy setting, you can choose from the f
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A M
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage the opening of windows and frames and access of applications across different domai
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one cer
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting manages whether users will be automatically prompted for ActiveX control installations. If you enable this p
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting,
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. If
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script. If you
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls, to check if they'r
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe. If you enable this policy setting, ActiveX controls
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether applets are exposed to scripts within the zone. If you enable this policy settin
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be exec
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the fo
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be e
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store,
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting allows you to manage whether VBScript can be run on pages from the specified zone in Internet Explorer. If
This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on t
This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate
This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate
This policy setting makes hyperlinks change color when the mouse pointer pauses on them. If you enable this policy setting, th
Prevents users from closing Microsoft Internet Explorer and File Explorer. If you enable this policy, the Close command on the
Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share. If you enable this
Prevents users from saving the complete contents that are displayed on or run from a Web page, including the graphics, scripts
Prevents users from opening a new browser window from the File menu. If this policy is enabled, users cannot open a new bro
Prevents users from opening a file or Web page from the File menu in Internet Explorer. If you enable this policy, the Open dia
Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu. If you enable t
Prevents users from displaying tips for users who are switching from Netscape. If you enable this policy, the For Netscape User
Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer. If you enable this policy, th
Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer. If you enable this policy, the T
This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explore
Prevents users from adding, removing, editing or viewing the list of Favorite links. The Favorites list is a way to store popular lin
Prevents using the shortcut menu to open a link in a new browser window. If you enable this policy, users cannot point to a lin
Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk. If you enable th
This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8, this policy setting
This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8, this policy setting
Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer. If you enable
This policy setting allows you to manage whether users can launch the report site problems dialog using a menu option. If you
This policy setting allows you to manage whether users can launch the report site problems dialog using a menu option. If you
Prevents users from displaying the browser in full-screen (kiosk) mode, without the standard toolbar. If you enable this policy,
Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu. If you enable
This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser
This policy setting specifies whether graphical images are included when pages are displayed. Sometimes, pages that contain s
This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional
This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional
This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows it
This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displa
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Computer security
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Local Intranet security z
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Trusted Sites security zo
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Internet security zone.
Limits the amount of storage that a page or site using the DHTML Persistence behavior can use for the Restricted Sites security
This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. In
This policy setting controls whether to have background synchronization for feeds and Web Slices. If you enable this policy setti
This policy setting controls whether to have background synchronization for feeds and Web Slices. If you enable this policy setti
This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer
This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice. If you enable this policy setting, the
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice. If you enable this policy setting, the
This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available
This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available
This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Win
This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Win
This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypte
This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypte
This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to pe
This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to pe
This policy setting allows you to bypass prompting when a script that is running in the Internet Explorer process attempts to pe
This policy setting allows you to bypass prompting when a script that is running in the Internet Explorer process attempts to pe
This policy setting allows you to define applications and processes that can access the Clipboard without prompting the user. N
This policy setting allows you to define applications and processes that can access the Clipboard without prompting the user. N
This policy setting specifies whether the user can conduct a search on the Address bar. If you enable this policy setting, you mu
This policy setting specifies whether the user can conduct a search on the Address bar. If you enable this policy setting, you mu
This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on th
This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on th
This policy setting allows the user to run natively implemented, scriptable XMLHTTP. If you enable this policy setting, the user
This policy setting allows the user to run natively implemented, scriptable XMLHTTP. If you enable this policy setting, the user
This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images
This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images
This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008,
This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The rev
This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The rev
This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your
This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your
This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your
This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your
This policy setting allows you to manage whether documents can request data across third-party domains embedded in the pa
This policy setting allows you to manage whether documents can request data across third-party domains embedded in the pa
This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest obje
This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest obje
The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. Th
The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. Th
This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can se
This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can se
This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is com
This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible
This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible
This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer. If you enable this p
This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer. If you enable this p
Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer. If you enable th
Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars.
Specifies which buttons will be displayed on the standard toolbar in Microsoft Internet Explorer. If you enable this policy, you c
This policy setting allows you to show or hide the Command bar. If you enable this policy setting, the Command bar is hidden a
This policy setting allows you to show or hide the Command bar. If you enable this policy setting, the Command bar is hidden a
This policy setting allows you to show or hide the status bar. If you enable this policy setting, the status bar is hidden and the u
This policy setting allows you to show or hide the status bar. If you enable this policy setting, the status bar is hidden and the u
This policy setting allows you to lock or unlock the toolbars on the user interface. If you enable this policy setting, the toolbars
This policy setting allows you to lock or unlock the toolbars on the user interface. If you enable this policy setting, the toolbars
This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons. If you enable this po
This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons. If you enable this po
This policy setting allows you to choose among three different labels for command buttons: show all text labels, show selective
This policy setting allows you to choose among three different labels for command buttons: show all text labels, show selective
This policy setting allows you increase the size of icons for command buttons. If you enable this policy setting, icons for comma
This policy setting allows you increase the size of icons for command buttons. If you enable this policy setting, icons for comma
This policy setting allows you to manage where tabs are displayed. If you enable this policy setting, tabs are displayed on a sep
This policy setting allows you to manage where tabs are displayed. If you enable this policy setting, tabs are displayed on a sep
This policy setting prevents the user from specifying the update check interval. The default value is 30 days. If you enable this
This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tool
This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX
This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis. If you enable this policy setting
This policy setting allows you to specify how ActiveX controls are installed. If you enable this policy setting, ActiveX controls ar
This policy setting allows you to specify how ActiveX controls are installed. If you enable this policy setting, ActiveX controls ar
This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Sug
This policy setting controls the Suggested Sites feature, which recommends websites based on the user’s browsing activity. Sug
This policy setting allows you to turn off the InPrivate Browsing feature. InPrivate Browsing prevents Internet Explorer from sto
This policy setting allows you to turn off the InPrivate Browsing feature. InPrivate Browsing prevents Internet Explorer from sto
This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default duri
This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default duri
This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode. The data consis
This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode. The data consis
This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode. The threshold sets the number
This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode. The threshold sets the number
This policy setting allows you to turn off InPrivate Filtering. InPrivate Filtering helps users control whether third parties can aut
This policy setting allows you to turn off InPrivate Filtering. InPrivate Filtering helps users control whether third parties can aut
This policy setting allows you to establish the threshold for Tracking Protection Automatic mode. The threshold sets the numb
This policy setting allows you to establish the threshold for Tracking Protection Automatic mode. The threshold sets the numb
This policy setting allows you to turn off Tracking Protection. Tracking Protection helps users control whether third parties can
This policy setting allows you to turn off Tracking Protection. Tracking Protection helps users control whether third parties can
This policy setting allows you to add non-default Accelerators. If you enable this policy setting, the specified Accelerators are a
This policy setting allows you to add non-default Accelerators. If you enable this policy setting, the specified Accelerators are a
This policy setting allows you to add default Accelerators. If you enable this policy setting, the specified Accelerators are added
This policy setting allows you to add default Accelerators. If you enable this policy setting, the specified Accelerators are added
This policy setting allows you to manage whether users can access Accelerators. If you enable this policy setting, users cannot
This policy setting allows you to manage whether users can access Accelerators. If you enable this policy setting, users cannot
This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy. If yo
This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy. If yo
This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Expl
This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Expl
This policy setting controls the Compatibility View feature, which allows the user to fix website display problems that he or she
This policy setting controls the Compatibility View feature, which allows the user to fix website display problems that he or she
This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage th
This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage th
This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix
This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix
This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View. If you enable
This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View. If you enable
Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rende
Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rende
This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows
This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows
This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed, such as the taskbar,
This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed, such as the taskbar,
This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionall
This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionall
This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Stan
This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Stan
This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use
This setting lets you decide whether to open all sites not included in the Enterprise Mode Site List in Microsoft Edge. If you use
This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has bee
This policy setting lets you decide whether employees see an additional page in Internet Explorer 11, stating that a site has bee
This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set th
This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set th
This policy setting allows websites to store indexed database cache information on client computers. If you enable this policy s
This policy setting allows websites to store indexed database cache information on client computers. If you enable this policy s
This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage lim
This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage lim
This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting, yo
This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting, yo
This policy setting allows websites to store file resources in application caches on client computers. If you enable this policy se
This policy setting allows websites to store file resources in application caches on client computers. If you enable this policy se
This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limi
This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limi
This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting, you
This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting, you
This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache
This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache
This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an app
This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an app
This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to
This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to
This policy setting configures what Internet Explorer displays when a new browsing session is started. By default, Internet Explo
This policy setting configures what Internet Explorer displays when a new browsing session is started. By default, Internet Explo
This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop. If you enable this policy setting,
This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop. If you enable this policy setting,
This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide, always in Intern
This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide, always in Intern
This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are availabl
This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site discovery Toolkit(SDTK). Wh
This policy setting allows you to manage the WMI output functionality of the Internet Explorer Site discovery Toolkit(SDTK). Wh
This policy setting allows you to manage the XML output functionality of the Internet Explorer Site discovery Toolkit(SDTK). Wh
This policy setting allows you to manage the XML output functionality of the Internet Explorer Site discovery Toolkit(SDTK). Wh
This policy setting allows you to control which site zones are included in the discovery functionality of the Internet Explorer Site
This policy setting allows you to control which site zones are included in the discovery functionality of the Internet Explorer Site
This policy setting allows you to control which Domains are included in the discovery functionality of the Internet Explorer Site
This policy setting allows you to control which Domains are included in the discovery functionality of the Internet Explorer Site
Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to re
Turns off the handwriting recognition error reporting tool. The handwriting recognition error reporting tool enables users to re
If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS serve
If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals
If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually config
If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered
If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.
If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins m
If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed
If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are
If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are
If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that ar
This policy setting controls whether the domain controller provides information about previous logons to client computers. If y
This policy setting defines the list of trusting forests that the Key Distribution Center (KDC) searches when attempting to resolv
This policy setting allows you to configure a domain controller to support claims and compound authentication for Dynamic Ac
This policy setting allows you to configure at what size Kerberos tickets will trigger the warning event issued during Kerberos au
This policy setting allows you to configure a domain controller to request compound authentication. Note: For a domain contr
Support for PKInit Freshness Extension requires Windows Server 2016 domain functional level (DFL). If the domain controller’s
This policy setting allows you to specify which DNS host names and which DNS suffixes are mapped to a Kerberos realm. If you
This policy setting configures the Kerberos client so that it can authenticate with interoperable Kerberos V5 realms, as defined
This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate
This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part serv
This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated
This policy setting configures the Kerberos client's mapping to KDC proxy servers for domains based on their DNS suffix names.
This policy setting allows you to disable revocation check for the SSL certificate of the targeted KDC proxy server. If you enable
This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating w
This policy setting controls configuring the device's Active Directory account for compound authentication. Support for providi
This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context tok
This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and
This policy setting controls whether a device always sends a compound authentication request when the resource domain requ
Support for device authentication using certificate will require connectivity to a DC in the device account domain which suppor
This policy setting specifies whether a hash generation service generates hashes, also called content information, for data that
This policy setting specifies whether the BranchCache hash generation service supports version 1 (V1) hashes, version 2 (V2) ha
This policy setting determines the cipher suites used by the SMB server. If you enable this policy setting, cipher suites are prior
This policy setting determines how the SMB server selects a cipher suite when negotiating a new connection with an SMB clien
This policy setting determines the cipher suites used by the SMB client. If you enable this policy setting, cipher suites are prior
This policy setting determines if the SMB client will allow insecure guest logons to an SMB server. If you enable this policy setti
This policy setting determines the behavior of Offline Files on clients connecting to an SMB share where the Continuous Availa
This policy setting determines the behavior of SMB handle caching for clients connecting to an SMB share where the Continuo
This policy setting determines whether Diagnostic Policy Service (DPS) diagnoses memory leak problems. If you enable or do n
This policy setting changes the operational behavior of the Mapper I/O network protocol driver. LLTDIO allows a computer to d
This policy setting changes the operational behavior of the Responder network protocol driver. The Responder allows a compu
This policy setting turns off the Windows Location Provider feature for this computer. If you enable this policy setting, the Win
This policy setting ignores the customized run list. You can create a customized list of additional programs and documents that
This policy setting ignores the customized run list. You can create a customized list of additional programs and documents that
This policy setting ignores customized run-once lists. You can create a customized list of additional programs and documents th
This policy setting ignores customized run-once lists. You can create a customized list of additional programs and documents th
This policy is not available in this version of Windows.
This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on. If you
This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the sy
This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the sy
This policy setting determines whether Group Policy processing is synchronous (that is, whether computers wait for the netwo
This policy setting suppresses system status messages. If you enable this setting, the system does not display a message remin
This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on. If you
This policy setting directs the system to display highly detailed status messages. This policy setting is designed for advanced us
This policy setting allows you to hide the Switch User interface in the Logon UI, the Start menu and the Task Manager. If you en
This policy is not available in this version of Windows.
This policy setting allows you to control whether users see the first sign-in animation when signing in to the computer for the fi
This policy setting ignores Windows Logon Background. This policy setting may be used to make Windows give preference to a
This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen. If you en
This policy setting prevents connected users from being enumerated on domain-joined computers. If you enable this policy se
This policy setting allows local users to be enumerated on domain-joined computers. If you enable this policy setting, Logon U
This policy prevents the user from showing account details (email address or user name) on the sign-in screen. If you enable th
This policy setting allows you to prevent app notifications from appearing on the lock screen. If you enable this policy setting,
This policy setting specifies whether Mobile Device Management (MDM) Enrollment is allowed. When MDM is enabled, it allow
This policy setting specifies whether to attempt Mobile Device Management (MDM) Enrollment. If Successful, the computer w
This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.
This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recomm
This policy setting lets you decide whether the Address bar drop-down functionality is available in Microsoft Edge. We recomm
This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft E
This policy setting lets you decide whether employees can use Autofill to automatically fill in form fields while using Microsoft E
This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge. If you enable or don't configu
This policy setting lets you decide whether F12 Developer Tools are available on Microsoft Edge. If you enable or don't configu
This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By
This policy setting lets you decide whether employees can send Do Not Track requests to websites that ask for tracking info. By
This setting lets you decide whether employees can load extensions in Microsoft Edge. If you enable or don't configure this setti
This setting lets you decide whether employees can load extensions in Microsoft Edge. If you enable or don't configure this setti
This policy setting lets you decide whether employees can browse using InPrivate website browsing. If you enable or don't con
This policy setting lets you decide whether employees can browse using InPrivate website browsing. If you enable or don't con
This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Pa
This policy setting lets you decide whether employees can save their passwords locally, using Password Manager. By default, Pa
This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.. If you enable th
This policy setting lets you decide whether to turn on Pop-up Blocker. By default, Pop-up Blocker is turned on.. If you enable th
This policy setting lets you decide whether users can change their search engine. If you disable this setting, users can't add new
This policy setting lets you decide whether users can change their search engine. If you disable this setting, users can't add new
This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employ
This policy setting lets you decide whether search suggestions appear in the Address bar of Microsoft Edge. By default, employ
This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen pro
This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen pro
This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens th
This policy setting lets you configure what appears when Microsoft Edge opens a new tab. By default, Microsoft Edge opens th
This policy setting helps you to decide whether to make the Books tab visible, regardless of a device's country or region setting
This policy setting helps you to decide whether to make the Books tab visible, regardless of a device's country or region setting
This setting lets you configure how to work with cookies. If you enable this setting, you must also decide whether to: Allow all
This setting lets you configure how to work with cookies. If you enable this setting, you must also decide whether to: Allow all
This policy setting lets you configure the default search engine for your employees. Your employees can change the default sea
This policy setting lets you configure the default search engine for your employees. Your employees can change the default sea
This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made
This policy setting lets you add up to 5 additional search engines, which can't be removed by your employees, but can be made
This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify
This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify
This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common co
This policy setting lets you configure whether to use Enterprise Mode and the Enterprise Mode Site List to address common co
This policy setting lets you decide whether an employee's LocalHost IP address shows while making calls using the WebRTC pro
This policy setting lets you decide whether an employee's LocalHost IP address shows while making calls using the WebRTC pro
This policy setting lets you configure one or more Start pages for domain-joined devices. Your employees won't be able to chan
This policy setting lets you configure one or more Start pages for domain-joined devices. Your employees won't be able to chan
This policy setting lets you disable the lock down of Start pages, letting users modify the Start pages when the "Configure Start
This policy setting lets you disable the lock down of Start pages, letting users modify the Start pages when the "Configure Start
This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you
This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge. If you
This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about poten
This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about poten
This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about down
This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about down
This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their f
This policy setting lets you configure the default list of Favorites that appear for your employees. Employees can change their f
This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should on
This policy setting lets you decide whether your intranet sites should all open using Internet Explorer 11. This setting should on
This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been op
This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been op
This policy settings lets you decide whether employees can access the about:flags page, which is used to change developer setti
This policy settings lets you decide whether employees can access the about:flags page, which is used to change developer setti
This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to pr
This policy lets you decide whether Microsoft Edge can gather Live Tile metadata from the ieonline.microsoft.com service to pr
This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the
This policy setting lets you decide whether employees see Microsoft's First Run webpage when opening Microsoft Edge for the
This setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge. If you enab
This setting lets you decide whether people can sync their favorites between Internet Explorer and Microsoft Edge. If you enab
If you enable or don’t configure the Adobe Flash Click-to-Run setting, Microsoft Edge will require a user to click the Click-to-Run
If you enable or don’t configure the Adobe Flash Click-to-Run setting, Microsoft Edge will require a user to click the Click-to-Run
This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes. If you enable this policy setting
This policy setting allows the automatic clearing of browsing data when Microsoft Edge closes. If you enable this policy setting
This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. If you enable or don't configure this se
This setting lets you decide whether employees can run Adobe Flash in Microsoft Edge. If you enable or don't configure this se
This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites wit
This policy setting lets you decide whether to use the Microsoft Compatibility List (a Microsoft-provided list that helps sites wit
Prevents users from entering author mode. This setting prevents users from opening the Microsoft Management Console (MM
Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins. -- If you enable this setting
Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-
Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-
Permits or prohibits use of this snap-in. If you enable this setting, the snap-in is permitted. If you disable the setting, the snap-
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
Permits or prohibits use of the Group Policy tab in property sheets for the Active Directory Users and Computers and Active Dir
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting, the snap-in is permitted and ca
This policy setting turns off Windows Mobility Center. If you enable this policy setting, the user is unable to invoke Windows M
This policy setting turns off Windows Mobility Center. If you enable this policy setting, the user is unable to invoke Windows M
This policy setting turns off Windows presentation settings. If you enable this policy setting, Windows presentation settings ca
This policy setting turns off Windows presentation settings. If you enable this policy setting, Windows presentation settings ca
When enabled, this policy will prevent all applications and services on the device from new consumer Microsoft account authe
This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary
This policy setting allows you to configure Automatic Maintenance activation random delay. The maintenance random delay is
This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if
This policy setting determines the execution level for Microsoft Support Diagnostic Tool. Microsoft Support Diagnostic Tool (M
This policy setting restricts the tool download policy for Microsoft Support Diagnostic Tool. Microsoft Support Diagnostic Tool (
This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. M
This policy setting allows you to configure the recovery behavior for corrupted MSI files to one of three states: Prompt for Reso
This policy setting allows users to search for installation files during privileged installations. If you enable this policy setting, the
This policy setting allows users to install programs from removable media during privileged installations. If you enable this poli
This policy setting allows users to patch elevated products. If you enable this policy setting, all users are permitted to install pa
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system. If you ena
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system. If you ena
This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or
This policy setting prevents users from searching for installation files when they add features or components to an installed pro
This policy setting controls the ability to turn off all patch optimizations. If you enable this policy setting, all Patch Optimization
This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installatio
This policy setting prevents users from installing any programs from removable media. If you enable this policy setting, if a use
This policy setting restricts the use of Windows Installer. If you enable this policy setting, you can prevent users from installing
This policy setting prevents users from using Windows Installer to install patches. If you enable this policy setting, users are pre
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsucc
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsucc
This policy setting permits users to change installation options that typically are available only to system administrators. If you
This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application
This policy setting controls the ability for users or administrators to remove Windows Installer based updates. This policy settin
This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed.
This policy setting allows you to configure user installs. To configure this policy setting, set it to enabled and use the drop-down
This policy setting causes the Windows Installer to enforce strict rules for component upgrades. If you enable this policy settin
This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer
Specifies the types of events that Windows Installer records in its transaction log for each installation. The log, Msi.log, appears
This policy setting allows Web-based programs to install software on the computer without notifying the user. If you disable or
This policy setting specifies the order in which Windows Installer searches for installation files. If you disable or do not configu
This policy setting saves copies of transform files in a secure location on the local computer. Transform files consist of instructio
This policy setting controls the ability to turn off shared components. If you enable this policy setting, no packages on the syste
This policy setting controls the ability to prevent embedded UI. If you enable this policy setting, no packages on the system can
Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. Wh
Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For e
Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon. S
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking
Specifies whether NCA service runs in Passive Mode or not. Set this to Disabled to keep NCA probing actively all the time. If th
Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies th
Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA att
Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log co
This policy setting enables you to specify the URL of the corporate website, against which an active probe is performed.
This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful reso
This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution
This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachabi
This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current dom
This Policy setting enables you to specify passive polling behavior. NCSI polls various measurements throughout the network st
This policy setting enables you to specify DNS binding behavior. NCSI by default will restrict DNS lookups to the interface it is cu
This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with th
This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform perio
This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain
This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain c
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs th
This policy setting specifies the level of debug output for the Net Logon service. The Net Logon service outputs debug informa
This policy setting specifies the additional time for the computer to wait for the domain controller’s (DC) response when loggin
This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when loggi
This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not
This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) sh
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs th
This policy setting determines the interval at which Netlogon performs the following scavenging operations: - Checks if a passw
This policy setting specifies the Active Directory site to which computers belong. An Active Directory site is one or more well-c
This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) sho
This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-lab
This policy setting specifies whether the computers to which this setting is applied attemps DNS name resolution of single-lable
This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records fo
This policy setting determines which DC Locator DNS records are not registered by the Net Logon service. If you enable this po
This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied.
This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Log
This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resourc
This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setti
This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this
This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should r
This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resour
This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. Th
This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same th
This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator. The Domain Controller Lo
This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP
This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in
This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC). Note:
This policy setting allows you to control the domain controller (DC) location algorithm. By default, the DC location algorithm pr
This policy setting configures how a domain controller (DC) behaves when responding to a client whose IP address does not ma
This policy setting configures whether the computers to which this setting is applied are more aggressive when trying to locate
Determines whether administrators can add and remove network components for a LAN or remote access connection. This setti
Determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators
Determines whether users can configure advanced TCP/IP settings. If you enable this setting (and enable the "Enable Network
Determines whether a user can install and configure the Network Bridge. Important: This settings is location aware. It only app
Determines whether administrators can enable and disable the components used by LAN connections. If you enable this settin
Determines whether users can delete all user remote access connections. To create an all-user remote access connection, on t
Determines whether users can delete remote access connections. If you enable this setting (and enable the "Enable Network C
Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.
Determines whether settings that existed in Windows 2000 Server family will apply to Administrators. The set of Network Con
This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is un
Determines whether Administrators and Network Configuration Operators can change the properties of components used by a
Determines whether users can enable/disable LAN connections. If you enable this setting, the Enable and Disable options for L
Determines whether users can change the properties of a LAN connection. This setting determines whether the Properties me
Determines whether users can use the New Connection Wizard, which creates new network connections. If you enable this se
Prohibits use of Internet Connection Firewall on your DNS domain network. Determines whether users can enable the Interne
Determines whether a user can view and change the properties of remote access connections that are available to all users of
Determines whether users can view and change the properties of components used by a private or all-user remote access conn
Determines whether users can connect and disconnect remote access connections. If you enable this setting (and enable the "
Determines whether users can view and change the properties of their private remote access connections. Private connection
Determines whether nonadministrators can rename all-user remote access connections. To create an all-user connection, on t
Determines whether users can rename LAN or all user remote access connections. If you enable this setting, the Rename optio
Determines whether nonadministrators can rename a LAN connection. If you enable this setting, the Rename option is enable
Determines whether users can rename their private remote access connections. Private connections are those that are availab
Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet conn
Determines whether users can view the status for an active connection. Connection status is available from the connection sta
This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable thi
Specifies whether or not the "local access only" network icon will be shown. When enabled, the icon for Internet access will b
This policy setting determines whether a remote client computer routes Internet traffic through the internal network or wheth
This setting does not apply to desktop apps. A semicolon-separated list of Internet proxy server IP addresses. These addresse
This setting does not apply to desktop apps. A semicolon-separated list of intranet proxy server IP addresses. These addresse
This setting does not apply to desktop apps. A comma-separated list of IP address ranges that are in your corporate network.
This setting does not apply to desktop apps. Turns off Windows Network Isolation's automatic proxy discovery in the domain
This setting does not apply to desktop apps. Turns off Windows Network Isolation's automatic discovery of private network h
This setting does not apply to desktop apps. A pipe-separated list of domain cloud resources. Each cloud resource can also be
This setting does not apply to desktop apps. A comma-separated list of domain names that can be used as both work or perso
This policy setting configures secure access to UNC paths. If you enable this policy, Windows only allows access to the specifie
Makes subfolders available offline whenever their parent folder is made available offline. This setting automatically extends th
This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files an
This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files an
Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the
Determines how computers respond when they are disconnected from particular offline file servers. This setting overrides the
Limits the percentage of the computer's disk space that can be used to store automatically cached offline files. This setting als
This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the use
This policy setting determines whether offline files are encrypted. Offline files are locally cached copies of files from a network
Determines which events the Offline Files feature records in the event log. Offline Files records events in the Application log in
Determines which events the Offline Files feature records in the event log. Offline Files records events in the Application log in
Lists types of files that cannot be used offline. This setting lets you exclude certain types of files from automatic and manual ca
Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
Determines whether network files remain available if the computer is suddenly disconnected from the server hosting the files.
Disables the Offline Files folder. This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot u
Disables the Offline Files folder. This setting disables the "View Files" button on the Offline Files tab. As a result, users cannot u
Prevents users from enabling, disabling, or changing the configuration of Offline Files. This setting removes the Offline Files tab
Prevents users from enabling, disabling, or changing the configuration of Offline Files. This setting removes the Offline Files tab
This policy setting prevents users from making network files and folders available offline. If you enable this policy setting, user
This policy setting prevents users from making network files and folders available offline. If you enable this policy setting, user
This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" com
This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" com
Hides or displays reminder balloons, and prevents users from changing the setting. Reminder balloons appear above the Offlin
Hides or displays reminder balloons, and prevents users from changing the setting. Reminder balloons appear above the Offlin
Deletes local copies of the user's offline files when the user logs off. This setting specifies that automatically and manually cach
Determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloon
Determines how often reminder balloon updates appear. If you enable this setting, you can select how often reminder balloon
Determines how long the first reminder balloon for a network status change is displayed. Reminder balloons appear when the
Determines how long the first reminder balloon for a network status change is displayed. Reminder balloons appear when the
Determines how long updated reminder balloons are displayed. Reminder balloons appear when the user's connection to a ne
Determines how long updated reminder balloons are displayed. Reminder balloons appear when the user's connection to a ne
Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below th
Determines whether offline files are fully synchronized when users log off. This setting also disables the "Synchronize all offline
Determines whether offline files are fully synchronized when users log off. This setting also disables the "Synchronize all offline
Determines whether offline files are fully synchronized when users log on. This setting also disables the "Synchronize all offline
Determines whether offline files are fully synchronized when users log on. This setting also disables the "Synchronize all offline
Determines whether offline files are synchonized before a computer is suspended. If you enable this setting, offline files are sy
Determines whether offline files are synchonized before a computer is suspended. If you enable this setting, offline files are sy
This policy setting allows you to turn on economical application of administratively assigned Offline Files. If you enable or do n
This policy setting controls the network latency and throughput thresholds that will cause a client computers to transition files
This policy setting limits the amount of disk space that can be used to store offline files. This includes the space used by autom
This policy setting controls when background synchronization occurs while operating in slow-link mode, and applies to any use
This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files
This policy setting enables administrators to block certain file types from being created in the folders that have been made ava
This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offl
This policy setting removes the "Work offline" command from Explorer, preventing users from manually changing whether Offl
This policy setting determines whether offline files are synchronized in the background when it could result in extra charges on
This policy setting determines whether ActivityFeed is enabled. If you enable this policy setting, all activity types (as applicable
This policy setting determines whether User Activities can be published. If you enable this policy setting, activities of type Use
This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety, and will cause all dependent applications to sto
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in th
This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet h
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) clou
This setting sets the seed server for the global cloud to a specified node in the enterprise. The Peer Name Resolution Protocol
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in th
This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet h
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) clou
This setting sets the seed server for the link local cloud to a specified node in the enterprise. The Peer Name Resolution Protoc
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in th
This policy setting enables or disables PNRP cloud creation. PNRP is a distributed name resolution protocol allowing Internet h
This policy setting limits a node to resolving, but not publishing, names in a specific Peer Name Resolution Protocol (PNRP) clou
This setting sets the seed server for the site local cloud to a specified node in the enterprise. The Peer Name Resolution Protoc
By default, when a Peer Group is created that allows for password-authentication (or the password for such a Group is changed
Windows Hello for Business is an alternative method for signing into Windows using your Active Directory or Azure Active Direc
Windows Hello for Business is an alternative method for signing into Windows using your Active Directory or Azure Active Direc
A Trusted Platform Module (TPM) provides additional security benefits over software because data protected by it cannot be u
Windows Hello for Business enables users to use biometric gestures, such as face and fingerprints, as an alternative to the PIN
PIN recovery enables a user to change a forgotten PIN using the Windows Hello for Business PIN recovery service, without losin
Use this policy setting to configure use of phone sign-in. Phone sign-in provides the ability for a phone to be usable as a compa
Minimum PIN length configures the minimum number of characters required for the PIN. The lowest number you can configur
Maximum PIN length configures the maximum number of characters allowed for the PIN. The largest number you can configur
Use this policy setting to configure the use of uppercase letters in the PIN. If you enable this policy setting, Windows requires u
Use this policy setting to configure the use of lowercase letters in the PIN. If you enable this policy setting, Windows requires u
Use this policy setting to configure the use of special characters in the PIN. Allowable special characters are: ! " # $ % & ' ( ) * +
Use this policy setting to configure the use of digits in the PIN. If you enable or do not configure this policy setting, Windows re
This setting specifies the number of past PINs that can be associated to a user account that can’t be reused. This policy enables
This setting specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The P
Use this policy setting to configure Windows Hello for Business to enroll a sign-in certificate used for on-premises authenticatio
Use this policy setting to configure Windows Hello for Business to enroll a sign-in certificate used for on-premises authenticatio
Configure a comma separated list of credential provider GUIDs, such as face and fingerprint provider GUIDs, to be used as the fi
Configure a comma separated list of signal rules in the form of xml for each signal type. If you enable this policy setting, these
Windows Hello for Business automatically provides smart card emulation for compatibility with smart card enabled application
Windows prevents users on the same computer from enumerating provisioned Windows Hello for Business credentials for oth
This policy setting configures the Program Compatibility Assistant (PCA) to diagnose failures with application and driver compa
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This setting exists only for backward compatibility, and is not valid for this version of Windows. To configure the Program Comp
This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to
This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client
This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is ap
This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy i
This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. Thi
This policy setting specifies whether client computers should attempt the automatic configuration of hosted cache mode by se
This policy setting specifies whether BranchCache-capable client computers operate in a downgraded mode in order to mainta
This policy setting specifies whether client computers are configured to use hosted cache mode and provides the computer na
This policy setting specifies the default age in days for which segments are valid in the BranchCache data cache on client comp
Turns off Tablet PC Pen Training. If you enable this policy setting, users cannot open Tablet PC Pen Training. If you disable or d
Turns off Tablet PC Pen Training. If you enable this policy setting, users cannot open Tablet PC Pen Training. If you disable or d
Determines the execution level for Windows Boot Performance Diagnostics. If you enable this policy setting, you must select a
Determines the execution level for Windows Standby/Resume Performance Diagnostics. If you enable this policy setting, you m
Determines the execution level for Windows System Responsiveness Diagnostics. If you enable this policy setting, you must se
Determines the execution level for Windows Shutdown Performance Diagnostics. If you enable this policy setting, you must se
This policy setting specifies whether to enable or disable tracking of responsiveness events. If you enable this policy setting, re
This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.
This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level. If y
This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action. If
This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action. If yo
This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.
This policy setting specifies the action that Windows takes when a user presses the power button. Possible actions include: -T
This policy setting specifies the action that Windows takes when a user presses the sleep button. Possible actions include: -Ta
This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include:
This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. If you enable th
This policy setting specifies the action that Windows takes when a user presses the power button. Possible actions include: -T
This policy setting specifies the action that Windows takes when a user presses the sleep button. Possible actions include: -Ta
This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC. Possible actions include:
This policy setting specifies the action that Windows takes when a user presses the Start menu Power button. If you enable th
This policy setting specifies the period of inactivity before Windows turns off the hard disk. If you enable this policy setting, yo
This policy setting specifies the period of inactivity before Windows turns off the hard disk. If you enable this policy setting, yo
This policy setting specifies the active power plan from a specified power plan’s GUID. The GUID for a custom power plan GUID
This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan,
This policy setting allows you to configure client computers to lock and prompt for a password when resuming from a hibernat
This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. If you en
This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you ena
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you e
This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable t
This policy setting allows you to turn off hybrid sleep. If you enable this policy setting, a hiberfile is not generated when the sys
This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping. If you en
This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate. If you ena
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep. If you e
This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep. If you enable t
This policy setting allows you to turn off hybrid sleep. If you enable this policy setting, a hiberfile is not generated when the sys
This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computer’s displ
This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computer’s displ
This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy s
This policy setting allows you to specify the period of inactivity before Windows turns off the display. If you enable this policy s
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep sta
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep sta
This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. Th
This policy setting allows you to manage automatic sleep with open network files. If you enable this policy setting, the comput
This policy setting allows you to manage automatic sleep with open network files. If you enable this policy setting, the comput
This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display
This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display
This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the d
This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the d
This policy setting allows you to specify if Windows should enable the desktop background slideshow. If you enable this policy
This policy setting allows you to specify if Windows should enable the desktop background slideshow. If you enable this policy
This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user
This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user
This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application
This policy setting allows applications and services to prevent automatic sleep. If you enable this policy setting, any application
This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode. If you enable t
This policy setting allows you to specify battery charge level at which Energy Saver is turned on. If you enable this policy settin
This policy setting allows you to specify battery charge level at which Energy Saver is turned on. If you enable this policy settin
This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. If you
This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems. If you
This policy setting allows you to turn off Power Throttling. If you enable this policy setting, Power Throttling will be turned off.
This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. If you enable this
This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. If you enable this
This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline ex
This policy setting allows you to turn on logging for Windows PowerShell modules. If you enable this policy setting, pipeline ex
This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. If you
This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. If you
This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. I
This policy setting enables logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log. I
This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet. If you enable t
This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet. If you enable t
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a pr
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a pr
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come fro
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come fro
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a pr
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a pr
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backu
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backu
Internet printing lets you display printers on Web pages so that printers can be viewed, managed, and used across the Internet
Determines if print driver components are isolated from applications instead of normally loading them into applications. Isolati
By default, the Printers folder includes a link to the Microsoft Support Web page called "Get help with printing". It can also incl
If you enable this policy setting, it sets the maximum number of printers (of each type) that the Add Printer wizard will display
Allows users to use the Add Printer Wizard to search the network for shared printers. If you enable this setting or do not config
When printing through a print server, determines whether the print spooler on the client will process print jobs itself, or pass t
Determines whether the XPS Rasterization Service or the XPS-to-GDI conversion (XGC) is forced to use a software rasterizer inst
Adds a link to an Internet or intranet Web page to the Add Printer Wizard. You can use this setting to direct users to a Web pag
Determines whether printers using kernel-mode drivers may be installed on the local computer. Kernel-mode drivers have acc
Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled, it removes the A
If this policy setting is enabled, it prevents users from deleting local and network printers. If a user tries to delete a printer, suc
This policy sets the maximum number of printers (of each type) that the Add Printer wizard will display on a computer on an un
This policy restricts clients computers to use package point and print only. If this setting is enabled, users will only be able to p
Restricts package point and print to approved servers. This policy setting restricts package point and print connections to appr
This policy restricts clients computers to use package point and print only. If this setting is enabled, users will only be able to p
Restricts package point and print to approved servers. This policy setting restricts package point and print connections to appr
If this policy setting is enabled, it specifies the default location criteria used when searching for printers. This setting is a comp
Enables the physical Location Tracking setting for Windows printers. Use Location Tracking to design a location scheme for you
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. Th
This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. Th
Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of sear
Announces the presence of shared printers to print browse master servers for the domain. On domains with Active Directory,
This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When prin
This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print d
This policy setting allows you to manage where client computers search for Point and Printer drivers. If you enable this policy s
This policy determines if v4 printer drivers are allowed to run printer extensions. V4 printer drivers may include an optional, cu
Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Window
This policy controls whether the print job name will be included in print event logs. If you disable or do not configure this polic
This preference allows you to change default printer management. If you enable this setting, Windows will not manage the de
This policy controls whether the print spooler will accept client connections. When the policy is unconfigured or enabled, the
Determines whether the Add Printer Wizard automatically publishes the computer's shared printers in Active Directory. If you
Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished
Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational
Sets the priority of the pruning thread. The pruning thread, which runs only on domain controllers, deletes printer objects from
Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning
Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before
Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not c
Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This settin
Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. B
This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View.
This setting prevents users from accessing "Programs and Features" to view, uninstall, change, or repair programs that are curr
This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task. "Installed Updates
This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result, users cannot vie
This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Pa
Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the
This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Cate
If you enable this setting, users will not be able to push Apps to this device from the Windows Store App running on other devi
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (Serv
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (Se
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service typ
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (Ser
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (Serv
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (Se
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service typ
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (Ser
Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets rea
Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth re
Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Sch
Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The
Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlle
Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed).
Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetwork
Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Sch
Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). T
This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and W
Determines the execution level for Windows Resource Exhaustion Detection and Resolution. If you enable this policy setting, y
Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Contro
This policy setting allows the system to detect the time of unexpected shutdowns by writing the current time to disk on a sched
This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled. If yo
This policy setting defines when the Shutdown Event Tracker System State Data feature is activated. The system state data file
The Shutdown Event Tracker can be displayed when you shut down a workstation or server. This is an extra set of questions th
This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assist
This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers run
This policy setting allows you to improve performance in low bandwidth scenarios. This setting is incrementally scaled from "N
This policy setting lets you customize warning messages. The "Display warning message before sharing control" policy setting a
This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer. If you enable this p
This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer. If you enable this p
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a c
This policy setting configures the amount of time (in seconds) that the operating system waits to reboot in order to enforce a c
This policy setting denies read access to the CD and DVD removable storage class. If you enable this policy setting, read access
This policy setting denies read access to the CD and DVD removable storage class. If you enable this policy setting, read access
This policy setting denies write access to the CD and DVD removable storage class. If you enable this policy setting, write acces
This policy setting denies write access to the CD and DVD removable storage class. If you enable this policy setting, write acces
This policy setting denies execute access to the CD and DVD removable storage class. If you enable this policy setting, execute
This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access is den
This policy setting denies read access to custom removable storage classes. If you enable this policy setting, read access is den
This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access is de
This policy setting denies write access to custom removable storage classes. If you enable this policy setting, write access is de
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable
This policy setting denies read access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable
This policy setting denies write access to the Floppy Drives removable storage class, including USB Floppy Drives. If you enable
This policy setting denies execute access to the Floppy Drives removable storage class, including USB Floppy Drives. If you ena
This policy setting denies read access to removable disks. If you enable this policy setting, read access is denied to this remova
This policy setting denies read access to removable disks. If you enable this policy setting, read access is denied to this remova
This policy setting denies write access to removable disks. If you enable this policy setting, write access is denied to this remov
This policy setting denies write access to removable disks. If you enable this policy setting, write access is denied to this remov
This policy setting denies execute access to removable disks. If you enable this policy setting, execute access is denied to this r
Configure access to all removable storage classes. This policy setting takes precedence over any individual removable storage p
Configure access to all removable storage classes. This policy setting takes precedence over any individual removable storage p
This policy setting denies read access to the Tape Drive removable storage class. If you enable this policy setting, read access is
This policy setting denies read access to the Tape Drive removable storage class. If you enable this policy setting, read access is
This policy setting denies write access to the Tape Drive removable storage class. If you enable this policy setting, write access
This policy setting denies write access to the Tape Drive removable storage class. If you enable this policy setting, write access
This policy setting denies execute access to the Tape Drive removable storage class. If you enable this policy setting, execute ac
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays,
This policy setting denies read access to removable disks, which may include media players, cellular phones, auxiliary displays,
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays,
This policy setting denies write access to removable disks, which may include media players, cellular phones, auxiliary displays,
This policy setting grants normal users direct access to removable storage devices in remote sessions. If you enable this policy
This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making
This policy setting controls whether the RPC runtime generates extended error information when an error occurs. Extended er
This policy setting controls whether the RPC Runtime ignores delegation failures when delegation is requested. The constraine
This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a
This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers. This p
This policy setting determines whether the RPC Runtime maintains RPC state information for the system, and how much inform
This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total
This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files o
This policy setting displays the instructions in logoff scripts as they run. Logoff scripts are batch files of instructions that run wh
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface progra
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface progra
This policy setting displays the instructions in logon scripts as they run. Logon scripts are batch files of instructions that run wh
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during com
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during use
This policy setting determines whether Windows PowerShell scripts are run before non-Windows PowerShell scripts during use
This policy setting displays the instructions in shutdown scripts as they run. Shutdown scripts are batch files of instructions tha
This policy setting lets the system run startup scripts simultaneously. Startup scripts are batch files that run before the user is i
This policy setting displays the instructions in startup scripts as they run. Startup scripts are batch files of instructions that run
This policy setting allows user logon scripts to run when the logon cross-forest, DNS suffixes are not configured, and NetBIOS o
This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publi
This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Pa
This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted
Determines whether scheduled diagnostics will run to proactively detect and resolve system problems. If you enable this polic
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Pa
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Pa
This policy setting allows encrypted items to be indexed. If you enable this policy setting, indexing will attempt to decrypt and
If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is
If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that a
If enabled, the indexer pauses whenever the computer is running on battery. If disabled, the indexing follows the default behav
If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can
If enabled, Search and Indexing Options in Control Panel does not allow opening the Modify Locations dialog. Otherwise it can
This policy setting allows words that contain diacritic characters to be treated as separate words. If you enable this policy settin
This policy setting determines when Windows uses automatic language detection results, and when it relies on indexing histor
This policy setting configures whether or not locations on removable drives can be added to libraries. If you enable this policy
This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are disp
This policy setting allows you to control whether or not Search can perform queries on the web over metered connections, and
This policy setting allows you to control what information is shared with Bing in Search. If you enable this policy setting, you ca
This policy setting allows you to control the SafeSearch setting used when performing a query in Search. If you enable this poli
This policy setting configures how Windows Search adds shared folders to the search index. If you enable this policy setting, W
This policy setting allows you to enable or disable the Add/Remove location options on the All Locations menu as well as any d
This policy setting hides or displays the Advanced Options dialog for Search and Indexing Options in the Control Panel. If you e
If enabled, files on network shares made available offline are not indexed. Otherwise they are indexed. Disabled by default.
Enabling this policy allows indexing of mail items on a Microsoft Exchange server when Microsoft Outlook is not running in cac
Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects o
When using Microsoft Office Outlook in online mode, you can enable this policy to control how fast online mail is indexed on a
Enable this policy to prevent indexing of any Microsoft Outlook items. The default is to automatically index Outlook items. If th
Enable this policy setting to prevent the indexing of the content of e-mail attachments. If enabled, indexing service component
Enabling this policy defines a semicolon-delimited list of file extensions which will be allowed to have rich attachment previews
Enable this policy to prevent indexing public folders in Microsoft Office Outlook. When this policy is disabled or not configured
Store indexer database in this directory. This directory must be located on a local fixed drive.
Enabling this policy allows you to add a primary intranet search location within Windows Desktop Search. The value of this text
Enabling this policy allows you to add intranet search locations in addition to the primary intranet search location defined in th
Enabling this policy allows you to set the location of the preview pane in the Desktop Search results. You can also turn off the p
Enabling this policy allows you to specify whether you want large icon or small icon view for your Desktop Search results. The t
Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the sa
Enabling this policy prevents Windows Desktop Search from using iFilters and protocol handlers unless they are specified in the
Enabling this policy removes the option of searching the Web from Windows Desktop Search. When this policy is disabled or n
If you enable this policy setting, you specify a list of paths to exclude from indexing. The user cannot enter any path that starts
If you enable this policy setting, you specify a list of paths to exclude from indexing. The user cannot enter any path that starts
Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude the
Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude the
Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths
Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths
Enabling this policy allows you to edit the list of file types to exclude from indexing. The end user cannot modify this list. You sh
This policy setting prevents search queries from being stored in the registry. If you enable this policy setting, search suggestion
This policy setting specifies whether Cortana is allowed on the device. If you enable or don't configure this setting, Cortana w
This policy setting determines whether or not the user can interact with Cortana using speech while the system is locked. If yo
This policy setting specifies whether search and Cortana can provide location aware search and Cortana results. If this is enab
Allow search and Cortana to search cloud sources like OneDrive and SharePoint
This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory dom
This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature is turned o
This policy setting turns off the sensor feature for this computer. If you enable this policy setting, the sensor feature is turned o
This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turne
This policy setting turns off the location feature for this computer. If you enable this policy setting, the location feature is turne
This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature w
This policy setting turns off scripting for the location feature. If you enable this policy setting, scripts for the location feature w
This policy setting allows you to turn off the automatic display of Server Manager at logon. If you enable this policy setting, Se
This policy setting allows you to set the refresh interval for Server Manager. Each refresh provides Server Manager with update
This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows S
This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy settin
This policy setting specifies the network locations that will be used for the repair of operating system corruption and for enabli
Prevent syncing to and from this PC. This turns off and disables the "sync your settings" switch on the "sync your settings" pag
Prevent the "app settings" group from syncing to and from this PC. This turns off and disables the "app settings" group on the
Prevent the "passwords" group from syncing to and from this PC. This turns off and disables the "passwords" group on the "sy
Prevent the "personalize" group from syncing to and from this PC. This turns off and disables the "personalize" group on the "s
Prevent the "AppSync" group from syncing to and from this PC. This turns off and disables the "AppSync" group on the "sync y
Prevent the "Other Windows settings" group from syncing to and from this PC. This turns off and disables the "Other Windows
Prevent the "desktop personalization" group from syncing to and from this PC. This turns off and disables the "desktop person
Prevent the "browser" group from syncing to and from this PC. This turns off and disables the "browser" group on the "sync yo
Prevent syncing to and from this PC when on metered Internet connections. This turns off and disables "sync your settings on
Prevent the "Start layout" group from syncing to and from this PC. This turns off and disables the "Start layout" group on the "s
Specifies an alternate location for Windows Service Pack installation files. If you enable this policy setting, enter the fully quali
Specifies an alternate location for Windows installation files. If you enable this policy setting, enter the fully qualified path to t
Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool
Turns off data sharing from the handwriting recognition personalization tool. The handwriting recognition personalization tool
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS). If you enab
This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS). If you
This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within
This policy setting specifies whether users can add computers to a homegroup. By default, users can add their computer to a h
This policy setting prevents users from running the interactive command prompt, Cmd.exe. This policy setting also determines
Disables the Windows registry editor Regedit.exe. If you enable this policy setting and the user tries to start Regedit.exe, a me
Limits the Windows programs that users have permission to run on the computer. If you enable this policy setting, users can o
Prevents Windows from running the programs you specify in this policy setting. If you enable this policy setting, users cannot r
This policy setting prevents the display of the Welcome Center at user logon. If you enable this policy setting, the Welcome Ce
This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the
This policy setting allows you to turn off desktop gadgets. Gadgets are small applets that display information or utilities on the
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed
This policy setting allows you to restrict the installation of unsigned gadgets. Desktop gadgets can be deployed as compressed
This policy setting allows you to turn off desktop gadgets that have been installed by the user. If you enable this setting, Windo
This policy setting allows you to turn off desktop gadgets that have been installed by the user. If you enable this setting, Windo
This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: * U
Enable this setting to prevent the OneDrive sync client (OneDrive.exe) from generating network traffic (checking for updates, e
This policy setting lets you prevent apps and features from working with files on OneDrive for Windows 8.1. If you enable this
This policy setting allows configuration of OneDrive file sync behavior on metered connections.
This policy setting lets you disable OneDrive as the default save location. It does not prevent apps and users from saving files o
This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon. In versions of Win
This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).
This policy settings lets you configure if all your valid logon certificates are displayed. During the certificate renewal period, a u
This policy setting allows you to manage the reading of all certificates from the smart card for logon. During logon Windows w
This policy setting lets you allow signature key-based certificates to be enumerated and available for logon. If you enable this p
This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid. Under previous v
This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted. If you enable or
This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root ce
This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted. If you enab
This policy setting allows you to manage the displayed message when a smart card is blocked. If you enable this policy setting,
This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. B
This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting, Creden
This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user
This policy setting allows you to control whether Smart Card Plug and Play is enabled. If you enable or do not configure this po
This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is install
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to lo
This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users befo
App Install Control is a feature of Windows Defender SmartScreen that helps protect PCs by allowing users to install apps only
This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen pro
This policy setting lets you configure whether to turn on Windows Defender SmartScreen. Windows Defender SmartScreen pro
This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about poten
This policy setting lets you decide whether employees can override the Windows Defender SmartScreen warnings about poten
This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service. S
This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP)
This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent. Simple Network Ma
Specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record
Specifies whether Sound Recorder can run. Sound Recorder is a feature of Microsoft Windows Vista that can be used to record
Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model co
This policy setting controls whether the Classification tab is displayed in the Properties dialog box in File Explorer. The Classific
This policy setting controls which set of properties is available for classifying files on affected computers. Administrators can de
This policy setting specifies the message that users see when they are denied access to a file or folder. You can customize the A
This Group Policy Setting should be set on Windows clients to enable access-denied assistance for all file types
If you enable this policy setting, the recent programs list in the start menu will be blank for each new user. If you disable or do
If you enable this policy the start menu will not show a link to the Games folder. If you disable or do not configure this policy, t
If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search b
If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in
If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. T
If you enable this policy setting the Start menu search box will not search for files. If you disable or do not configure this policy
If you enable this policy the start menu search box will not search for internet history or favorites. If you disable or do not confi
If you enable this policy setting the Start menu search box will not search for programs or Control Panel items. If you disable o
If you enable this policy the start menu search box will not search for communications. If you disable or do not configure this p
If you enable this policy the start menu will not show a link to the user's storage folder. If you disable or do not configure this p
If you enable this setting, the Run command is added to the Start menu. If you disable or do not configure this setting, the Run
This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar. If you enable this policy setting, the Quick
Clear history of recently opened documents on exit. If you enable this setting, the system deletes shortcuts to recently used do
This policy only applies to the classic version of the start menu and does not affect the new style start menu. Adds the "Log Off
Displays Start menu shortcuts to partially installed programs in gray text. This setting makes it easier for users to distinguish be
Disables personalized menus. Windows personalizes long menus by moving recently used items to the top of the menu and hi
This setting affects the taskbar, which is used to switch between running applications. The taskbar includes the Start button, lis
Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process. All DOS and 16-bit programs
This setting affects the notification area, also called the "system tray." The notification area is located in the task bar, generally
Hides pop-up text on the Start menu and in the notification area. When you hold the cursor over an item on the Start menu o
This policy setting allows you to prevent users from changing their Start screen layout. If you enable this setting, you will preve
If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will
This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.
This policy setting allows pinning apps to Start by default, when they are included by AppID on the list.
Specifies the Start layout for users. This setting lets you specify the Start layout for users and prevents them from changing its
Specifies the Start layout for users. This setting lets you specify the Start layout for users and prevents them from changing its
This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen:
This policy setting prevents users from performing the following commands from the Windows security screen, the logon scree
Removes items in the All Users profile from the Programs menu on the Start menu. By default, the Programs menu contains ite
Prevents users from adding the Favorites menu to the Start menu or classic Start menu. If you enable this setting, the Display F
This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements.
If you enable this setting, the frequently used programs list is removed from the Start menu. If you disable this setting or do no
This policy setting allows you to remove the Help command from the Start menu. If you enable this policy setting, the Help com
This policy setting allows you to turn off user tracking. If you enable this policy setting, the system does not track the programs
If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu. Selecting "Collap
This policy setting allows you to remove Network Connections from the Start Menu. If you enable this policy setting, users are
If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start m
Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents. I
Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu. The Recen
This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut. If yo
This policy setting prevents the system from using NTFS tracking features to resolve a shortcut. If you enable this policy setting
Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager. If you enable this setting,
This policy setting allows you to remove programs on Settings menu. If you enable this policy setting, the Control Panel, Printe
This policy setting allows you to prevent changes to Taskbar and Start Menu Settings. If you enable this policy setting, The user
This policy setting allows you to remove the Default Programs link from the Start menu. If you enable this policy setting, the D
This policy setting allows you to remove the Documents icon from the Start menu and its submenus. If you enable this policy s
This policy setting allows you to remove the Music icon from Start Menu. If you enable this policy setting, the Music icon is no
This policy setting allows you to remove the Network icon from Start Menu. If you enable this policy setting, the Network icon
This policy setting allows you to remove the Pictures icon from Start Menu. If you enable this policy setting, the Pictures icon i
Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden. This setting is
This setting affects the presentation of the Start menu. The classic Start menu in Windows 2000 Professional allows users to b
Prevents the clock in the system notification area from being displayed. If you enable this setting, the clock will not be displaye
This setting affects the taskbar buttons used to switch between running programs. Taskbar grouping consolidates similar appli
This setting affects the taskbar. The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the
This policy setting allows you to remove access to the context menus for the taskbar. If you enable this policy setting, the men
This setting affects the notification area (previously called the "system tray") on the taskbar. Description: The notification area
This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003. I
This policy setting allows you to remove links and access to Windows Update. If you enable this policy setting, users are preven
If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked. I
This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restorin
If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start
This policy setting allows you to remove the Downloads link from the Start Menu. If you enable this policy setting, the Start M
This policy setting allows you to remove the Recorded TV link from the Start Menu. If you enable this policy setting, the Start M
This policy setting allows you to remove the Videos link from the Start Menu. If you enable this policy setting, the Start Menu
If you enable this setting, users cannot uninstall apps from Start. If you disable this setting or do not configure it, users can acc
Set the default action of the power button on the Start menu. If you enable this setting, the Start Menu will set the power butt
This policy setting shows or hides the "Run as different user" command on the Start application bar. If you enable this setting,
This policy setting allows users to go to the desktop instead of the Start screen when they sign in. If you enable this policy setti
This policy setting allows the Apps view to be opened by default when the user goes to Start. If you enable this policy setting,
This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from
This policy setting allows desktop apps to be listed first in the Apps view in Start. If you enable this policy setting, desktop apps
This policy setting allows the Start screen to appear on the display the user is using when they press the Windows logo key. Thi
If you enable this policy and set it to Start menu or full screen Start, Start will be that size and users will be unable to change th
This policy allows you to remove the People Bar from the taskbar and disables the My People experience. If you enable this po
Allows downloading new updates to ML Model parameters for predicting storage disk failure. Enabled: Updates would be dow
Allows you to disable System Restore configuration through System Protection. This policy setting allows you to turn off System
Allows you to disable System Restore. This policy setting allows you to turn off System Restore. System Restore enables users,
Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is ava
Turns off the integration of application auto complete lists with Tablet PC Input Panel in applications where this behavior is ava
Prevents Input Panel tab from appearing on the edge of the Tablet PC screen. Tablet PC Input Panel is a Tablet PC accessory th
Prevents Input Panel tab from appearing on the edge of the Tablet PC screen. Tablet PC Input Panel is a Tablet PC accessory th
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is availa
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is availa
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is availa
Prevents the Tablet PC Input Panel icon from appearing next to any text entry area in applications where this behavior is availa
Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and W
Adjusts password security settings in Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and W
Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only
Includes rarely used Chinese, Kanji, and Hanja characters when handwriting is converted to typed text. This policy applies only
Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture
Turns off both the more tolerant scratch-out gestures that were added in Windows Vista and the Z-shaped scratch-out gesture
Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from prov
Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from prov
Prevents start of InkBall game. If you enable this policy, the InkBall game will not run. If you disable this policy, the InkBall gam
Prevents start of InkBall game. If you enable this policy, the InkBall game will not run. If you disable this policy, the InkBall gam
Prevents start of Windows Journal. If you enable this policy, the Windows Journal accessory will not run. If you disable this po
Prevents start of Windows Journal. If you enable this policy, the Windows Journal accessory will not run. If you disable this po
Prevents printing to Journal Note Writer. If you enable this policy, the Journal Note Writer printer driver will not allow printing
Prevents printing to Journal Note Writer. If you enable this policy, the Journal Note Writer printer driver will not allow printing
Prevents the snipping tool from running. If you enable this policy setting, the Snipping Tool will not run. If you disable this pol
Prevents the snipping tool from running. If you enable this policy setting, the Snipping Tool will not run. If you disable this pol
Disables visual pen action feedback, except for press and hold feedback. If you enable this policy, all visual pen action feedbac
Disables visual pen action feedback, except for press and hold feedback. If you enable this policy, all visual pen action feedbac
Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this beha
Removes the Back->ESC mapping that normally occurs when menus are visible, and for applications that subscribe to this beha
Prevents the user from launching an application from a Tablet PC hardware button. If you enable this policy, applications cann
Prevents the user from launching an application from a Tablet PC hardware button. If you enable this policy, applications cann
Prevents press and hold actions on hardware buttons, so that only one action is available per button. If you enable this policy,
Prevents press and hold actions on hardware buttons, so that only one action is available per button. If you enable this policy,
Turns off Tablet PC hardware buttons. If you enable this policy, no actions will occur when the buttons are pressed, and the bu
Turns off Tablet PC hardware buttons. If you enable this policy, no actions will occur when the buttons are pressed, and the bu
Makes pen flicks learning mode unavailable. If you enable this policy, pen flicks are still available but learning mode is not. Pen
Makes pen flicks learning mode unavailable. If you enable this policy, pen flicks are still available but learning mode is not. Pen
Makes pen flicks and all related features unavailable. If you enable this policy, pen flicks and all related features are unavailable
Makes pen flicks and all related features unavailable. If you enable this policy, pen flicks and all related features are unavailable
This policy setting allows you to remove the battery meter from the system control area. If you enable this policy setting, the b
This policy setting allows you to remove the networking icon from the system control area. If you enable this policy setting, the
This policy setting allows you to remove the volume control icon from the system control area. If you enable this policy setting
This policy setting allows you to remove Security and Maintenance from the system control area. If you enable this policy setti
This policy setting allows you to lock all taskbar settings. If you enable this policy setting, the user cannot access the taskbar co
This policy setting allows you to prevent users from adding or removing toolbars. If you enable this policy setting, the user is n
This policy setting allows you to prevent users from rearranging toolbars. If you enable this policy setting, users are not able to
This policy setting allows you to turn off all notification balloons. If you enable this policy setting, no notification balloons are s
This policy setting allows you to prevent users from moving taskbar to another screen dock location. If you enable this policy s
This policy setting allows you to prevent users from resizing the taskbar. If you enable this policy setting, users are not be able
This policy setting allows you to turn off taskbar thumbnails. If you enable this policy setting, the taskbar thumbnails are not d
This policy setting allows you to remove pinned programs from the taskbar. If you enable this policy setting, pinned programs a
This policy setting allows you to turn off automatic promotion of notification icons to the taskbar. If you enable this policy setti
This policy disables the functionality that converts balloons to toast notifications. If you enable this policy setting, system and
This policy setting allows you to turn off feature advertisement balloon notifications. If you enable this policy setting, certain n
This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations. The Start Menu and T
This policy setting allows you to control pinning programs to the Taskbar. If you enable this policy setting, users cannot change
This policy setting allows you to control pinning items in Jump Lists. If you enable this policy setting, users cannot pin files, fold
This policy setting allows you to prevent taskbars from being displayed on more than one monitor. If you enable this policy setti
This policy setting allows users to see Windows Store apps on the taskbar. If you enable this policy setting, users will see Wind
This policy setting removes Notifications and Action Center from the notification area on the taskbar. The notification area is lo
This policy setting allows you to control pinning the Store app to the Taskbar. If you enable this policy setting, users cannot pin
By default, the calendar is set according to the locale of the operating system, and users can show an additional calendar. For z
Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for exis
Limits newly scheduled to items on the user's Start menu, and prevents the user from changing the scheduled program for exis
This setting removes the "Open advanced properties for this task when I click Finish" checkbox from the last page of the Sched
This setting removes the "Open advanced properties for this task when I click Finish" checkbox from the last page of the Sched
Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder. This setting disabl
Prevents users from adding or removing tasks by moving or copying programs in the Scheduled Tasks folder. This setting disabl
Prevents users from starting and stopping tasks manually. This setting removes the Run and End Task items from the context m
Prevents users from starting and stopping tasks manually. This setting removes the Run and End Task items from the context m
Prevents users from viewing and changing the properties of an existing task. This setting removes the Properties item from the
Prevents users from viewing and changing the properties of an existing task. This setting removes the Properties item from the
Prevents users from creating new tasks. This setting removes the Add Scheduled Task item that starts the New Task Wizard. Al
Prevents users from creating new tasks. This setting removes the Add Scheduled Task item that starts the New Task Wizard. Al
Prevents users from deleting tasks from the Scheduled Tasks folder. This setting removes the Delete command from the Edit m
Prevents users from deleting tasks from the Scheduled Tasks folder. This setting removes the Delete command from the Edit m
This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP), an address-to-router and h
This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router. If you
This policy setting allows you to configure 6to4, an address assignment and router-to-router automatic tunneling technology th
This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 net
This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interva
This policy setting allows you to configure Teredo, an address assignment and automatic tunneling technology that provides un
This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client com
This policy setting allows you to configure the Teredo refresh rate. Note: On a periodic basis (by default, every 30 seconds), Ter
This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0, the
This policy setting allows you to set Teredo to be ready to communicate, a process referred to as qualification. By default, Tered
This policy setting allows you to configure IP-HTTPS, a tunneling technology that uses the HTTPS protocol to provide IP connecti
This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify con
This policy setting allows you to configure IP Stateless Autoconfiguration Limits. If you enable or do not configure this policy se
This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Se
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote co
This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remot
This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer o
This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they
This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy settin
This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load b
This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Serv
This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Serv
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing a
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing a
This policy setting allows you to specify whether font smoothing is allowed for remote connections. Font smoothing provides C
This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addre
This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP add
Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD
This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed application
This policy setting specifies whether Remote Desktop IP Virtualization is turned on. By default, Remote Desktop IP Virtualizatio
Controls whether a user can save passwords using Remote Desktop Connection. If you enable this setting the credential saving
Controls whether passwords can be saved on this computer from Remote Desktop Connection. If you enable this setting the p
Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD
This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You
This policy setting specifies whether to require the use of a specific security layer to secure communications between clients an
This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host
This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically
Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through a
If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Sessi
Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server
Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host se
This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections.
This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session
This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this po
This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Re
Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. You can use this s
This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off a
This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is con
This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop licens
This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with
This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to
Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setti
This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop
Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this s
This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user.
If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option
If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option
This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting, use
Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to spe
Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to spe
This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Deskt
This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initi
Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user's h
This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By defa
This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting rem
This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. This policy setting onl
This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remot
This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote De
This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote
This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of
This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote co
This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Rem
This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client pr
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client pr
This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redire
This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services se
This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Por
This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions
This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. By default, the RD Session
This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. If you ena
This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services ses
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecur
This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Co
This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the far
This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote D
This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redi
This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.
This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this po
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this po
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be i
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be i
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active be
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active be
This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. You can
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can us
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signe
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signe
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted
This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote con
This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the c
This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote
This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote
This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. By default, serve
This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, liv
This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable
This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting o
This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is a
This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. R
This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirec
This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtuali
This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC)
This policy setting allows you to configure graphics encoding to use the RemoteFX Codec on the Remote Desktop Session Host
This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL
This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth an
This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.
This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. If you enab
This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer. File Exp
This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders. File Explor
Turns off the caching of thumbnails in hidden thumbs.db files. This policy setting allows you to configure File Explorer to cache
Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. If
Turn off Tablet PC touch input Turns off touch input, which allows the user to interact with their computer using their finger. If
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch d
Turn off Panning Turns off touch panning, which allows users pan inside windows by touch. On a compatible PC with a touch d
This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local comp
This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Window
This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) comm
This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) comman
This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted P
This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted
This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted P
This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time
This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices
This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other tha
This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to
This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settin
This policy setting configures the number of milliseconds that the computer waits when retrieving user settings from the settin
This policy setting configures where the settings package files that contain user settings are stored. If you enable this policy setti
This policy setting configures where the settings package files that contain user settings are stored. If you enable this policy setti
This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package fil
This policy setting allows you to configure the UE-V Agent to write a warning event to the event log when a settings package fil
This policy setting configures where custom settings location templates are stored and if the catalog will be used to replace the
This policy setting configures the synchronization of user settings which are common between the versions of Internet Explore
This policy setting configures the synchronization of user settings which are common between the versions of Internet Explore
This policy setting configures the synchronization of user settings for Internet Explorer 8. By default, the user settings of Intern
This policy setting configures the synchronization of user settings for Internet Explorer 8. By default, the user settings of Intern
This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Intern
This policy setting configures the synchronization of user settings for Internet Explorer 9. By default, the user settings of Intern
This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Intern
This policy setting configures the synchronization of user settings of Internet Explorer 10. By default, the user settings of Intern
This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Intern
This policy setting configures the synchronization of user settings of Internet Explorer 11. By default, the user settings of Intern
This policy setting configures the synchronization of user settings of Calculator. By default, the user settings of Calculator synch
This policy setting configures the synchronization of user settings of Calculator. By default, the user settings of Calculator synch
This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchro
This policy setting configures the synchronization of user settings of Notepad. By default, the user settings of Notepad synchro
This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchr
This policy setting configures the synchronization of user settings of WordPad. By default, the user settings of WordPad synchr
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016
This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Access 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Excel 2016. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Lync 2016. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user
This policy setting configures the synchronization of user settings for Microsoft Office 2016 Upload Center. By default, the user
This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings
This policy setting configures the synchronization of user settings for OneDrive for Business 2016. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft OneNote 2016. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Outlook 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2016. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft Project 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Project 2016. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Publisher 2016. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Visio 2016. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Word 2016. By default, the user settings of Mic
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 a
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2016 a
This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user se
This policy setting configures the backup of certain user settings for Microsoft Access 2016. Microsoft Access 2016 has user se
This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settin
This policy setting configures the backup of certain user settings for Microsoft Excel 2016. Microsoft Excel 2016 has user settin
This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user setting
This policy setting configures the backup of certain user settings for Microsoft Lync 2016. Microsoft Lync 2016 has user setting
This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has us
This policy setting configures the backup of certain user settings for Microsoft OneNote 2016. Microsoft OneNote 2016 has us
This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user
This policy setting configures the backup of certain user settings for Microsoft Outlook 2016. Microsoft Outlook 2016 has user
This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 ha
This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2016. Microsoft PowerPoint 2016 ha
This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user se
This policy setting configures the backup of certain user settings for Microsoft Project 2016. Microsoft Project 2016 has user se
This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has us
This policy setting configures the backup of certain user settings for Microsoft Publisher 2016. Microsoft Publisher 2016 has us
This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user setting
This policy setting configures the backup of certain user settings for Microsoft Visio 2016. Microsoft Visio 2016 has user setting
This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settin
This policy setting configures the backup of certain user settings for Microsoft Word 2016. Microsoft Word 2016 has user settin
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2016
This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 sy
This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2016. Microsoft Office 365 sy
This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 sync
This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2016. Microsoft Office 365 sync
This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 3
This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2016. Microsoft Office 3
This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 s
This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2016. Microsoft Office 365 s
This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2016. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2016. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013
This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Access 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Excel 2013. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Excel 2013. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft InfoPath 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Lync 2013. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user
This policy setting configures the synchronization of user settings for Microsoft Office 2013 Upload Center. By default, the user
This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings
This policy setting configures the synchronization of user settings for OneDrive for Business 2013. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft OneNote 2013. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Outlook 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2013. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Project 2013. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Publisher 2013. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user
This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2013. By default, the user
This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Visio 2013. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Word 2013. By default, the user settings of Mic
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 a
This policy setting configures the backup of certain user settings which are common between the Microsoft Office Suite 2013 a
This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user se
This policy setting configures the backup of certain user settings for Microsoft Access 2013. Microsoft Access 2013 has user se
This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settin
This policy setting configures the backup of certain user settings for Microsoft Excel 2013. Microsoft Excel 2013 has user settin
This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user
This policy setting configures the backup of certain user settings for Microsoft InfoPath 2013. Microsoft InfoPath 2013 has user
This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user setting
This policy setting configures the backup of certain user settings for Microsoft Lync 2013. Microsoft Lync 2013 has user setting
This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has us
This policy setting configures the backup of certain user settings for Microsoft OneNote 2013. Microsoft OneNote 2013 has us
This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user
This policy setting configures the backup of certain user settings for Microsoft Outlook 2013. Microsoft Outlook 2013 has user
This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 ha
This policy setting configures the backup of certain user settings for Microsoft PowerPoint 2013. Microsoft PowerPoint 2013 ha
This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user se
This policy setting configures the backup of certain user settings for Microsoft Project 2013. Microsoft Project 2013 has user se
This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has us
This policy setting configures the backup of certain user settings for Microsoft Publisher 2013. Microsoft Publisher 2013 has us
This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint
This policy setting configures the backup of certain user settings for Microsoft SharePoint Designer 2013. Microsoft SharePoint
This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user setting
This policy setting configures the backup of certain user settings for Microsoft Visio 2013. Microsoft Visio 2013 has user setting
This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settin
This policy setting configures the backup of certain user settings for Microsoft Word 2013. Microsoft Word 2013 has user settin
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2013
This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 sy
This policy setting configures the synchronization of user settings for Microsoft Office 365 Access 2013. Microsoft Office 365 sy
This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Excel 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 InfoPath 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 sync
This policy setting configures the synchronization of user settings for Microsoft Office 365 Lync 2013. Microsoft Office 365 sync
This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 OneNote 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Outlook 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 3
This policy setting configures the synchronization of user settings for Microsoft Office 365 PowerPoint 2013. Microsoft Office 3
This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 s
This policy setting configures the synchronization of user settings for Microsoft Office 365 Project 2013. Microsoft Office 365 s
This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 Publisher 2013. Microsoft Office 365
This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft
This policy setting configures the synchronization of user settings for Microsoft Office 365 SharePoint Designer 2013. Microsoft
This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Visio 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings for Microsoft Office 365 Word 2013. Microsoft Office 365 syn
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010
This policy setting configures the synchronization of user settings which are common between the Microsoft Office Suite 2010
This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Access 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Excel 2010. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft InfoPath 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft OneNote 2010. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Lync 2010. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Outlook 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft PowerPoint 2010. By default, the user settings
This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Project 2010. By default, the user settings of M
This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft Publisher 2010. By default, the user settings of
This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the us
This policy setting configures the synchronization of user settings for Microsoft SharePoint Workspace 2010. By default, the us
This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user
This policy setting configures the synchronization of user settings for Microsoft SharePoint Designer 2010. By default, the user
This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Word 2010. By default, the user settings of Mic
This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for Microsoft Visio 2010. By default, the user settings of Micr
This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance s
This policy setting configures the synchronization of user settings for the Finance app. By default, the user settings of Finance s
This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync
This policy setting configures the synchronization of user settings for the Maps app. By default, the user settings of Maps sync
This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync
This policy setting configures the synchronization of user settings for the News app. By default, the user settings of News sync
This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports syn
This policy setting configures the synchronization of user settings for the Sports app. By default, the user settings of Sports syn
This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync
This policy setting configures the synchronization of user settings for the Travel app. By default, the user settings of Travel sync
This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weathe
This policy setting configures the synchronization of user settings for the Weather app. By default, the user settings of Weathe
This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sy
This policy setting configures the synchronization of user settings for the Reader app. By default, the user settings of Reader sy
This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sy
This policy setting configures the synchronization of user settings for the Games app. By default, the user settings of Games sy
This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync
This policy setting configures the synchronization of user settings for the Music app. By default, the user settings of Music sync
This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync
This policy setting configures the synchronization of user settings for the Video app. By default, the user settings of Video sync
This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will sync
This policy setting configures the synchronization of Windows settings between computers. Certain Windows settings will sync
This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.
This policy setting allows you to enable or disable User Experience Virtualization (UE-V). Only applies to Windows 10 or earlier.
This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ co
This policy setting configures the sync provider used by User Experience Virtualization (UE-V) to sync settings between users’ co
This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers r
This policy setting configures the synchronization of User Experience Virtualization (UE-V) rollback information for computers r
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. B
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings for Windows apps. B
This policy setting enables the User Experience Virtualization (UE-V) tray icon. By default, an icon appears in the system tray th
This policy setting enables a notification in the system tray that appears when the User Experience Virtualization (UE-V) Agent
This policy setting defines the default settings sync behavior of the User Experience Virtualization (UE-V) Agent for Windows ap
This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage p
This policy setting allows you to configure the User Experience Virtualization (UE-V) sync provider to ping the settings storage p
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connec
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connec
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connec
This policy setting defines whether the User Experience Virtualization (UE-V) Agent synchronizes settings over metered connec
This policy setting specifies the text of the Contact IT URL hyperlink in the Company Settings Center. If you enable this policy se
This policy setting specifies the URL for the Contact IT link in the Company Settings Center. If you enable this policy setting, the
This policy setting adds the Administrator security group to the roaming user profile share. Once an administrator has configur
This policy setting disables the more secure default setting for the user's roaming user profile folder. After an administrator ha
This policy setting restores the definitions of the %HOMESHARE% and %HOMEPATH% environment variables to those used in W
This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive w
This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connecti
This policy setting provides users with the ability to download their roaming profile, even when a slow network connection wit
This policy setting lets you exclude folders that are normally included in the user's profile. As a result, these folders do not need
This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software
This policy setting sets the maximum size of each user profile and determines the system's response when a user profile reache
This setting determines if roaming user profiles are available on a particular computer. By default, when roaming profile users l
This policy setting controls how long Windows waits for a user response before it uses a default user profile for roaming user p
This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user
This policy setting determines how many times the system tries to unload and update the registry portion of a user profile. Wh
This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their pro
This policy setting directs the system to wait for the remote copy of the roaming user profile to load, even when loading is slow
This policy setting defines a slow connection for roaming user profiles and establishes thresholds for two tests of network spee
This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used with
This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files
This policy setting controls whether Windows forcefully unloads the user's registry at logoff, even if there are open handles to
This policy setting controls how long Windows waits for a response from the network before logging on a user without a remot
This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all us
This policy setting sets the schedule for background uploading of a roaming user profile's registry file (ntuser.dat). This policy se
This setting prevents users from managing the ability to allow apps to access the user name, account picture, and domain infor
This policy setting turns off the advertising ID, preventing apps from using the ID for experiences across apps. If you enable thi
This policy setting controls on a per-computer basis whether roaming profiles are downloaded on a user's primary computers o
This policy setting allows you to specify the location and root (file share or local path) of a user's home folder for a logon sessio
This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of BitLocker Drive Encryption re
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard can display and specify BitLocker
This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard pro
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setti
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setti
This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setti
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied
This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs
This policy setting lets you configure the entire recovery message or replace the existing URL that are displayed on the pre-boo
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker. Enhanced startup PI
This policy setting specifies the constraints for passwords used to unlock BitLocker-protected operating system drives. If non-TP
This policy setting allows you to control whether or not platform validation data is refreshed when Windows is started followin
This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs, provide
This policy setting allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker. These
This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This p
This policy setting allows you to choose specific Boot Configuration Data (BCD) settings to verify during platform validation. If y
This policy setting allows you to control how BitLocker-protected operating system drives are recovered in the absence of the r
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied
This policy setting allows you to control whether the BitLocker Drive Encryption setup wizard will be able to set up an additiona
This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts
This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (L
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the B
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the B
This policy setting allows you to configure how the computer's Trusted Platform Module (TPM) security hardware secures the B
This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setti
This policy setting allows you to manage BitLocker’s use of hardware-based encryption on operating system drives and specify
This policy setting allows users to turn on authentication options that require user input from the pre-boot environment, even
This policy setting allows users on devices that are compliant with InstantGo or Microsoft Hardware Security Test Interface (HST
This policy setting allows you to configure whether Secure Boot will be allowed as the platform integrity provider for BitLocker
This policy setting allows you to control how BitLocker-protected fixed data drives are recovered in the absence of the required
This policy setting specifies whether a password is required to unlock BitLocker-protected fixed data drives. If you choose to pe
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. If yo
This policy setting configures whether or not fixed data drives formatted with the FAT file system can be unlocked and viewed o
This policy setting allows you to specify whether smart cards can be used to authenticate user access to the BitLocker-protecte
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied
This policy setting allows you to manage BitLocker’s use of hardware-based encryption on fixed data drives and specify which e
This policy setting allows you to control how BitLocker-protected removable data drives are recovered in the absence of the req
This policy setting controls the use of BitLocker on removable data drives. This policy setting is applied when you turn on BitLoc
This policy setting specifies whether a password is required to unlock BitLocker-protected removable data drives. If you choose
This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable d
This policy setting configures whether or not removable data drives formatted with the FAT file system can be unlocked and vie
This policy setting allows you to specify whether smart cards can be used to authenticate user access to BitLocker-protected re
This policy setting allows you to configure the encryption type used by BitLocker Drive Encryption. This policy setting is applied
This policy setting allows you to manage BitLocker’s use of hardware-based encryption on removable data drives and specify w
This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for doma
This policy setting specifies a set of parameters for controlling the Windows NTP Client. If you enable this policy setting, you ca
This policy setting specifies whether the Windows NTP Client is enabled. Enabling the Windows NTP Client allows your compu
This policy setting allows you to specify whether the Windows NTP Server is enabled. If you enable this policy setting for the W
This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at
This policy setting prevents computers from establishing multiple simultaneous connections to either the Internet or to a Wind
This policy setting prevents clients from connecting to Mobile Broadband networks when the client is registered on a roaming p
This policy setting specifies that power management is disabled when the machine enters connected standby mode. If this po
This policy setting determines the data retention limit for Diagnostic Policy Service (DPS) scenario data. If you enable this polic
This policy setting determines the execution level for Diagnostic Policy Service (DPS) scenarios. If you enable this policy setting
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing
By default, Add features to Windows 10 is available for all administrators. If you enable this policy setting, the wizard will not r
By default, Add features to Windows 10 is available for all administrators. If you enable this policy setting, the wizard will not r
This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can
This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not. If you enab
This policy setting allows you to manage whether backups of a machine can run to a network share or not. If you enable this p
This policy setting allows you to manage whether backups of a machine can run to an optical media or not. If you enable this p
This policy setting allows you to manage whether run-once backups of a machine can be run or not. If you enable this policy s
This policy setting affects the ability of users to install or uninstall color profiles. If you enable this policy setting, users cannot i
This policy setting affects the ability of users to install or uninstall color profiles. If you enable this policy setting, users cannot i
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are t
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting, the wizards are t
This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enable
Allows an administrator to specify if Automatic Exclusions feature for Server SKUs should be turned off. Disabled (Default): Wi
This policy setting controls the load priority for the antimalware service. Increasing the load priority will allow for faster service
This policy setting turns off Windows Defender Antivirus. If you enable this policy setting, Windows Defender Antivirus does n
This policy setting controls whether or not complex list settings configured by a local administrator are merged with Group Poli
This policy setting allows you to configure whether Windows Defender Antivirus automatically takes action on all detected thre
This policy, if defined, will prevent antimalware from using the configured proxy server when communicating with the specified
This policy setting defines the URL of a proxy .pac file that should be used when the client attempts to connect the network for
This policy setting allows you to configure the named proxy that should be used when the client attempts to connect to the ne
This policy setting allows you to enable or disable randomization of the scheduled scan start time and the scheduled definition
This policy setting allows you to configure whether or not the antimalware service remains running when antivirus and antispy
This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scannin
This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qua
This policy setting allows you to disable scheduled and real-time scanning for any file opened by any of the specified processes
This policy setting allows you to configure protocol recognition for network protection against exploits of known vulnerabilities
This policy setting allows you to configure definition retirement for network protection against exploits of known vulnerabilitie
This policy setting defines additional definition sets to enable for network traffic inspection. Definition set GUIDs should be add
This policy setting configures a local override for the configuration of the number of days items should be kept in the Quarantin
This policy setting defines the number of days items should be kept in the Quarantine folder before being removed. If you ena
This policy setting allows you to configure behavior monitoring. If you enable or do not configure this setting, behavior monito
This policy setting allows you to configure scanning for all downloaded files and attachments. If you enable or do not configure
This policy setting allows you to configure monitoring for file and program activity. If you enable or do not configure this settin
This policy setting controls whether raw volume write notifications are sent to behavior monitoring. If you enable or do not co
This policy setting turns off real-time protection prompts for known malware detection. Windows Defender Antivirus alerts yo
This policy setting allows you to configure process scanning when real-time protection is turned on. This helps to catch malwar
This policy setting defines the maximum size (in kilobytes) of downloaded files and attachments that will be scanned. If you en
This policy setting configures a local override for the configuration of behavior monitoring. This setting can only be set by Grou
This policy setting configures a local override for the configuration of monitoring for file and program activity on your compute
This policy setting configures a local override for the configuration of scanning for all downloaded files and attachments. This s
This policy setting configures a local override for the configuration to turn on real-time protection. This setting can only be set b
This policy setting configures a local override for the configuration of monitoring for incoming and outgoing file activity. This se
This policy setting allows you to configure monitoring for incoming and outgoing files, without having to turn off monitoring en
This policy setting configures a local override for the configuration of the time to run a scheduled full scan to complete remedia
This policy setting allows you to specify the day of the week on which to perform a scheduled full scan in order to complete rem
This policy setting allows you to specify the time of day at which to perform a scheduled full scan in order to complete remedia
This policy setting configures the time in minutes before a detection in the "additional action" state moves to the "cleared" sta
This policy setting configures the time in minutes before a detection in the “critically failed” state to moves to either the “additi
This policy setting allows you to configure whether or not Watson events are sent. If you enable or do not configure this settin
This policy setting configures the time in minutes before a detection in the "non-critically failed" state moves to the "cleared" s
This policy setting configures the time in minutes before a detection in the "completed" state moves to the "cleared" state.
This policy configures Windows software trace preprocessor (WPP Software Tracing) components.
This policy allows you to configure tracing levels for Windows software trace preprocessor (WPP Software Tracing). Tracing lev
Use this policy setting to specify if you want Windows Defender Antivirus enhanced notifications to display on clients. If you d
This policy setting allows you to manage whether or not end users can pause a scan in progress. If you enable or do not config
This policy setting allows you to configure the maximum directory depth level into which archive files such as .ZIP or .CAB are u
This policy setting allows you to configure the maximum size of archive files such as .ZIP or .CAB that will be scanned. The value
This policy setting allows you to configure the maximum percentage CPU utilization permitted during a scan. Valid values for th
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a sca
This policy setting allows you to configure scans for malicious software and unwanted software in archive files such as .ZIP or .C
This policy setting allows you to configure catch-up scans for scheduled full scans. A catch-up scan is a scan that is initiated bec
This policy setting allows you to configure catch-up scans for scheduled quick scans. A catch-up scan is a scan that is initiated b
This policy setting allows you to configure e-mail scanning. When e-mail scanning is enabled, the engine will parse the mailbox
This policy setting allows you to configure heuristics. Suspicious detections will be suppressed right before reporting to the eng
This policy setting allows you to configure scanning for packed executables. It is recommended that this type of scanning rema
This policy setting allows you to manage whether or not to scan for malicious software and unwanted software in the contents
This policy setting allows you to configure reparse point scanning. If you allow reparse points to be scanned, there is a possible
This policy setting allows you to create a system restore point on the computer on a daily basis prior to cleaning. If you enable
This policy setting allows you to configure scanning mapped network drives. If you enable this setting, mapped network drives
This policy setting allows you to configure scanning for network files. It is recommended that you do not enable this setting. If
This policy setting configures a local override for the configuration of maximum percentage of CPU utilization during scan. This
This policy setting configures a local override for the configuration of the scan type to use during a scheduled scan. This setting
This policy setting configures a local override for the configuration of scheduled scan day. This setting can only be set by Group
This policy setting configures a local override for the configuration of scheduled quick scan time. This setting can only be set by
This policy setting configures a local override for the configuration of scheduled scan time. This setting can only be set by Grou
This policy setting defines the number of days items should be kept in the scan history folder before being permanently remov
This policy setting allows you to specify an interval at which to perform a quick scan. The time value is represented as the num
This policy setting allows you to configure scheduled scans to start only when your computer is on but not in use. If you enable
This policy setting allows you to specify the scan type to use during a scheduled scan. Scan type options are: 1 = Quick Scan (d
This policy setting allows you to specify the day of the week on which to perform a scheduled scan. The scan can also be config
This policy setting allows you to specify the time of day at which to perform a daily quick scan. The time value is represented as
This policy setting allows you to specify the time of day at which to perform a scheduled scan. The time value is represented as
This policy setting allows you to define the number of consecutive scheduled scans that can be missed after which a catch-up s
This policy setting allows you to define the number of days that must pass before spyware definitions are considered out of da
This policy setting allows you to define the number of days that must pass before virus definitions are considered out of date. I
This policy setting allows you to configure UNC file share sources for downloading definition updates. Sources will be contacted
This policy setting allows you to configure the automatic scan which starts after a definition update has occurred. If you enable
This policy setting allows you to configure definition updates when the computer is running on battery power. If you enable or
This policy setting allows you to configure definition updates on startup when there is no antimalware engine present. If you e
This policy setting allows you to define the order in which different definition update sources should be contacted. The value o
This policy setting allows you to enable download of definition updates from Microsoft Update even if the Automatic Updates
This policy setting allows you to enable real-time definition updates in response to reports sent to Microsoft MAPS. If the servi
This policy setting allows you to specify the day of the week on which to check for definition updates. The check can also be co
This policy setting allows you to specify the time of day at which to check for definition updates. The time value is represented
This policy setting allows you to configure the antimalware service to receive notifications to disable individual definitions in re
This policy setting allows you to define the number of days after which a catch-up definition update will be required. By default
This policy setting allows you to specify an interval at which to check for definition updates. The time value is represented as th
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur immediately after se
This feature ensures the device checks in real time with the Microsoft Active Protection Service (MAPS) before allowing certain
This policy setting configures a local override for the configuration to join Microsoft MAPS. This setting can only be set by Grou
This policy setting allows you to join Microsoft MAPS. Microsoft MAPS is the online community that helps you choose how to r
This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set. Possible options are: (0
This policy setting customize which remediation action will be taken for each listed Threat ID when it is detected during a scan.
This policy setting allows you to customize which automatic remediation action will be taken for each threat alert level.Threat a
This policy setting allows you to configure whether or not to display AM UI to the users. If you enable this setting AM UI won't
This policy setting allows user to supress reboot notifications in UI only mode (for cases where UI can't be in lockdown mode).
Use this policy setting to specify if you want Windows Defender Antivirus notifications to display on clients. If you disable or do
This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an ac
This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. If
This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make
Enable or disable Windows Defender Exploit Guard network protection to prevent employees from using any application to acc
Enable or disable controlled folder access for untrusted applications. Block: Untrusted applications cannot modify or delete fil
Set the state for each Attack Surface Reduction (ASR) rule. After enabling this setting, you can set each rule to the following in
Exclude files and paths from Attack Surface Reduction (ASR) rules. Enabled: Specify the folders or files and resources that sho
Add additional applications that should be considered "trusted" by controlled folder access. These applications are allowed to
Specify additional folders that should be guarded by the Controlled folder access feature. Files in these folders cannot be mod
Hide the Firewall and network protection area in the Windows Defender Security Center. Enabled: The Firewall and network p
Hide the Firewall and network protection area in the Windows Defender Security Center. Enabled: The Firewall and network p
Hide the App and browser protection area in the Windows Defender Security Center. Enabled: The App and browser protectio
Prevent users from making changes to the Exploit protection settings area in the Windows Defender Security Center. Enabled:
Hide the Device performance and health area in the Windows Defender Security Center. Enabled: The Device performance an
Hide the Family options area in the Windows Defender Security Center. Enabled: The Family options area will be hidden. Disa
Hide notifications from the Windows Defender Security Center. Enabled: Local users will not see notifications from the Wind
Only show critical notifications from the Windows Defender Security Center. If the Suppress all notifications GP setting has bee
Display specified contact information to local users in Windows Defender Security Center notifications. Enabled: Your compan
Display specified contact information to local users in a contact card flyout menu in the Windows Defender Security Center En
Specify the company name that will be displayed in the Windows Defender Security Center and associated notifications. This s
Specify the phone number or Skype ID that will be displayed in the Windows Defender Security Center and associated notificati
Specify the email address or email ID that will be displayed in the Windows Defender Security Center and associated notificatio
Specify the URL that will be displayed in the Windows Defender Security Center and associated notifications. Users can click o
Hide the Back button in the Open dialog box. This policy setting lets you remove new features added in Microsoft Windows 20
Removes the list of most recently used files from the Open dialog box. If you disable this setting or do not configure it, the "Fil
Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features adde
Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify fr
This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior. If you enable this settin
Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin. If you en
This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting, Windows is d
This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the u
"This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on th
This policy setting allows you to turn off caching of thumbnail pictures. If you enable this policy setting, thumbnail views are n
This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if yo
This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the mov
Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. When this Display
This policy setting allows you to remove the DFS tab from File Explorer. If you enable this policy setting, the DFS (Distributed Fi
This policy setting allows you to hide these specified drives in My Computer. This policy setting allows you to remove the icons
Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Ne
Removes the File menu from My Computer and File Explorer. This setting does not prevent users from using other methods to
This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explore
Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in C
Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer o
This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a work
Prevents users from using File Explorer or Network Locations to map or disconnect network drives. If you enable this setting, t
When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you ca
Prevents users from submitting alternate logon credentials to install a program. This setting suppresses the "Install Program As
Removes the Security tab from File Explorer. If you enable this setting, users opening the Properties dialog box for all file syste
This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting, the S
Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item. If you enab
Prevents users from using My Computer to gain access to the content of selected drives. If you enable this setting, users can b
Turn off Windows Key hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For exa
This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File
Prompts users for alternate logon credentials during network-based installations. This setting displays the "Install Program As O
Limits the percentage of a volume's disk space that can be used to store deleted files. If you enable this setting, the user has a
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full fun
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full fun
If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer w
This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search result
This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu
This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and
This policy setting allows you to specify a list of known folders that should be disabled. Disabling a known folder will prevent th
This policy setting allows you to turn off the display of snippets in Content view mode. If you enable this policy setting, File Exp
This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If yo
Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical orde
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical orde
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in t
This policy setting allows you to specify a location where all default Library definition files for users/machines reside. If you en
This policy setting allows you to specify a location where all default Library definition files for users/machines reside. If you en
This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users befo
Shows or hides lock from the user tile menu. If you enable this policy setting, the lock option will be shown in the User Tile me
Shows or hides sleep from the power options menu. If you enable this policy setting, the sleep option will be shown in the Pow
Shows or hides hibernate from the power options menu. If you enable this policy setting, the hibernate option will be shown i
This policy removes the end-user notification for new application associations. These associations are based on file types (e.g.
This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are o
This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are o
This policy specifies the path to a file (e.g. either stored locally or on a network location) that contains file type and protocol de
This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons. If you enable this policy setti
This policy setting specifies an alternate location for the Windows File Protection cache. If you enable this policy setting, enter
This policy setting specifies the maximum amount of disk space that can be used for the Windows File Protection file cache. W
This policy setting allows you to set when Windows File Protection scans protected files. This policy setting directs Windows Fil
This policy setting hides the file scan progress window. This window provides status information to sophisticated users, but it m
Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport. If you enable this po
Allows you to view and change the program exceptions list defined by Group Policy. Windows Defender Firewall uses two prog
Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local program exceptions
Turns on Windows Defender Firewall. If you enable this policy setting, Windows Defender Firewall runs and ignores the "Comp
Specifies that Windows Defender Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Wind
Allows inbound file and printer sharing. To do this, Windows Defender Firewall opens UDP ports 137 and 138, and TCP ports 13
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Defender Firewall allows. Utilities ca
Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives. If you enab
Prevents Windows Defender Firewall from displaying notifications to the user when a program requests that Windows Defende
Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Defender Firewall uses two
Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local port exceptions list.
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) a
Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Defender Firewall opens TCP port 338
Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages. If you enable this po
Allows this computer to receive unsolicited inbound Plug and Play messages sent by network devices, such as routers with buil
Allows you to view and change the program exceptions list defined by Group Policy. Windows Defender Firewall uses two prog
Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local program exceptions
Turns on Windows Defender Firewall. If you enable this policy setting, Windows Defender Firewall runs and ignores the "Comp
Specifies that Windows Defender Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Wind
Allows inbound file and printer sharing. To do this, Windows Defender Firewall opens UDP ports 137 and 138, and TCP ports 13
Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Defender Firewall allows. Utilities ca
Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives. If you enab
Prevents Windows Defender Firewall from displaying notifications to the user when a program requests that Windows Defende
Allows you to view and change the inbound port exceptions list defined by Group Policy. Windows Defender Firewall uses two
Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local port exceptions list.
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) a
Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Defender Firewall opens TCP port 338
Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages. If you enable this po
Allows this computer to receive unsolicited inbound Plug and Play messages sent by network devices, such as routers with buil
Allow Windows Ink Workspace
Allow suggested apps in Windows Ink Workspace
Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). When enabled, Window
This policy setting allows you to turn off do not show first use dialog boxes. If you enable this policy setting, the Privacy Option
This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode
This policy setting allows you to prevent video smoothing from occurring. If you enable this policy setting, video smoothing is p
This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet. If you en
This policy setting allows you to prevent media sharing from Windows Media Player. If you enable this policy setting, any user
This policy setting allows you to prevent media information for music files from being retrieved from the Internet. If you enabl
This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar. If you enable this
This policy setting allows you to prevent radio station presets from being retrieved from the Internet. If you enable this policy s
This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop. If you enable th
This policy setting allows a screen saver to interrupt playback. If you enable this policy setting, a screen saver is displayed durin
This policy setting allows you to prevent Windows Media Player from downloading codecs. If you enable this policy setting, the
Prevents the anchor window from being displayed when Windows Media Player is in skin mode. This policy hides the anchor w
This policy setting allows you to hide the Privacy tab in Windows Media Player. If you enable this policy setting, the "Update m
This policy setting allows you to hide the Security tab in Windows Media Player. If you enable this policy setting, the default se
This policy setting allows you to set and lock Windows Media Player in skin mode, using a specified skin. If you enable this poli
This policy setting allows you to specify the HTTP proxy settings for Windows Media Player. If you enable this policy setting, se
This policy setting allows you to specify the MMS proxy settings for Windows Media Player. If you enable this policy setting, se
This policy setting allows you to specify the RTSP proxy settings for Windows Media Player. If you enable this policy setting, sel
This policy setting allows you to hide the Network tab. If you enable this policy setting, the Network tab in Windows Media Pla
This policy setting allows you to specify whether network buffering uses the default or a specified number of seconds. If you e
This policy setting allows you to specify that Windows Media Player can attempt to use selected protocols when receiving strea
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting, Window
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting, Window
This policy setting allows you to prevent Windows Messenger from running. If you enable this policy setting, Windows Messen
This policy setting allows you to prevent Windows Messenger from running. If you enable this policy setting, Windows Messen
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unen
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authenticatio
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentic
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentica
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentica
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses the list specified in T
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service automatically listens on
This policy setting turns on or turns off an HTTP listener created for backward compatibility purposes in the Windows Remote M
This policy setting turns on or turns off an HTTPS listener created for backward compatibility purposes in the Windows Remote
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Basic authentic
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives une
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service will not allow RunAs cre
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Negotiate auth
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts Kerberos crede
This policy setting allows you to manage whether the Windows Remote Management (WinRM) service accepts CredSSP authe
This policy setting allows you to set the hardening level of the Windows Remote Management (WinRM) service with regard to
This policy setting configures access to remote shells. If you enable or do not configure this policy setting, new remote shell co
This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is a
This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the syste
This policy setting configures the maximum total amount of memory in megabytes that can be allocated by any active remote s
This policy setting configures the maximum number of processes a remote shell is allowed to launch. If you enable this policy
This policy setting is deprecated and has no effect when set to any state: Enabled, Disabled, or Not Configured.
This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system. Any
Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to
Denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to
Enables or disables the automatic download and installation of app updates. If you enable this setting, the automatic downloa
Enables or disables the automatic download of app updates on PCs running Windows 8. If you enable this setting, the automa
Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application
Enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application
Disable turns off the launch of all apps from the Windows Store that came pre-installed or were downloaded. Apps will not be
Denies access to the retail catalog in the Windows Store app, but displays the private store. If you enable this setting, users wil
Denies access to the retail catalog in the Windows Store app, but displays the private store. If you enable this setting, users wil
This setting controls automatic updates to a user's computer. Whenever a user connects to the Internet, Windows searches fo
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Win
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is displayed in the Shut Down Win
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choic
This policy setting allows you to manage whether the 'Install Updates and Shut Down' option is allowed to be the default choic
This setting allows you to remove access to Windows Update. If you enable this setting, all Windows Update features are remo
Specifies whether this computer will receive security updates and other important downloads through the Windows automatic
Specifies an intranet server to host updates from Microsoft Update. You can then use this update service to automatically upda
Specifies the hours that Windows will use to determine how long to wait before checking for available updates. The exact wait
This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Confi
Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor
Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update
This policy setting allows you to control whether users see detailed enhanced notification messages about featured software fr
Specifies whether the Windows Update will use the Windows Power Management features to automatically wake up the syste
Specifies that to complete a scheduled installation, Automatic Updates will wait for the computer to be restarted by any user w
If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instea
Specifies the amount of time for Automatic Updates to wait before prompting again with a scheduled restart. If the status is se
Specifies the amount of time for Automatic Updates to wait before proceeding with a scheduled restart. If the status is set to E
Specifies the amount of time for Automatic Updates to wait, following system startup, before proceeding with a scheduled inst
Specifies the target group name or names that should be used to receive updates from an intranet Microsoft update service. I
This policy setting allows you to manage whether Automatic Updates accepts updates signed by entities other than Microsoft w
Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve inform
Selecting "Disable preview builds" will prevent preview builds from installing on the device. This will prevent users from opting
Enable this policy to specify the level of Preview Build or Feature Updates to receive, and when. * Preview Build - Fast: Devices
Enable this policy to specify when to receive quality updates. You can defer receiving quality updates for up to 30 days. To pre
Enable this policy to not include drivers with Windows quality updates. If you disable or do not configure this policy, Windows
If you enable this policy, the PC will not automatically restart after updates during active hours. The PC will attempt to restart o
Specify the deadline in days before automatically executing a scheduled restart outside of active hours. The deadline can be se
This setting allows you to remove access to scan Windows Update. If you enable this setting user access to Windows Update s
Enable this policy to specify the maximum number of hours from the start time that users can set their active hours. The max
Enable this policy to specify the method by which the auto-restart required notification is dismissed. When a restart is required
Enable this policy to specify when auto-restart reminders are displayed. You can specify the amount of time prior to a schedul
This policy setting allows you to control whether users receive notifications for auto restarts for update installations including r
Enable this policy to control when notifications are displayed to warn users about a scheduled restart for the update installatio
Enable this policy to control the timing before transitioning from Auto restarts scheduled_outside of active hours to Engaged re
Enabling this policy for EDU devices that remain on Carts overnight will skip power checks to ensure update reboots will happe
Enabling this policy will automatically download updates, even over metered data connections (charges may apply)
Enable this policy to not allow update deferral policies to cause scans against Windows Update. If this policy is disabled or not
This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is
This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the
This policy setting controls the use of fast startup. If you enable this policy setting, the system requires hibernate to be enabled
This policy setting controls whether or not the system displays information about previous logons and logon failures to the use
This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default, a user
This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the
This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS). If you enable this polic
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and
This policy controls whether the logged on user should be notified if the logon server could not be contacted during logon and
Specifies an alternate user interface. The Explorer program (%windir%\explorer.exe) creates the familiar Windows interface, bu
This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts t
Enables or disables the automatic download and update of map data. If you enable this setting the automatic download and u
This policy setting allows you to turn on or turn off unsolicited network traffic on the Offline Maps page in Settings > System > O
This policy setting specifies whether Windows will allow console applications and GUI applications without visible top-level win
This policy setting allows you to turn off projection to a PC. If you turn it on, your PC isn't discoverable and can't be projected
This policy setting allows you to require a pin for pairing. If you turn this on, the pairing ceremony for new devices will always r
This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine. If this policy setting is enable
This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devic
This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods. When en
This policy setting determines whether users can enable the following WLAN settings: "Connect to suggested open hotspots," "
Set up the menu name and URL for the custom Internet search provider. If you enable this setting, the specified menu name a
This policy setting specifies whether Work Folders should be set up automatically for all users of the affected computer. If you
This policy setting specifies the Work Folders server for affected users, as well as whether or not users are allowed to change se
This policy specifies whether Work Folders should use Token Broker for interactive AD FS authentication instead of its own OAu
This setting lets you configure how domain joined computers become registered as devices. When you enable this setting, dom
This policy setting turns off tile notifications. If you enable this policy setting, applications and system features will not be able
This policy setting turns off toast notifications for applications. If you enable this policy setting, applications will not be able to
This policy setting turns off toast notifications on the lock screen. If you enable this policy setting, applications will not be able
This policy setting blocks applications from using the network to send notifications to update tiles, tile badges, toast, or raw no
This policy setting turns off Quiet Hours functionality. If you enable this policy setting, toast notifications will not be suppress
This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to begin each day. If you ena
This policy setting specifies the number of minutes after midnight (local time) that Quiet Hours is to end each day. If you enab
This policy setting blocks voice and video calls during Quiet Hours. If you enable this policy setting, voice and video calls will be
This policy setting turns off notification mirroring. If you enable this policy setting, notifications from applications and system w
This policy setting configures the cost of 3G connections on the local machine. If this policy setting is enabled, a drop-down lis
This policy setting configures the cost of 4G connections on the local machine. If this policy setting is enabled, a drop-down lis
This policy setting configures the visibility of the link to the per-application cellular access control page in the cellular setting UX
This policy setting specifies whether Windows apps can access cellular data. You can specify either a default setting for all app
inistrator can create a list of approved ActiveX Install sites specified by host URL. If you disable or do not configure this policy setting, Acti
ation. If the trusted site uses the HTTPS protocol, this policy setting can also control how ActiveX Installer Service responds to certificate e
programs in other categories. To use this setting, type the name of a category in the Category box for this setting. You must enter a catego
tion is available to all users. This setting does not prevent users from using other tools and methods to add or remove program componen
oes not prevent users from using other tools and methods to connect to Windows Update. Note: If the "Hide Add New Programs page" setti
e those programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, sy
New Programs button is available to all users. This setting does not prevent users from using other tools and methods to install programs.
Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs. If y
mail, as well as which programs are accessible from the Start menu, desktop, and other locations. If you disable this setting or do not config
figure it, the Change or Remove Programs page is available to all users. This setting does not prevent users from using other tools and met
guration tools. If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system service
mation, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version num
and configure components of Windows from the installation files. If you disable this setting or do not configure it, the Add/Remove Windo
nsider Program settings. If you disable this policy setting, Windows Insider Program settings will be unavailable to users through the Settin
6-bit applications. To run any 16-bit application or any application with 16-bit components, ntvdm.exe must be allowed to run. The MS-DO
n to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context
e customer Experience Improvement program is turned off, Application Telemetry will be turned off regardless of how this policy is set. Di
able this policy setting, Switchback will be turned off. Turning Switchback off may degrade the compatibility of older applications. This optio
es, or displays an Application Help message if the application has a know problem. Turning off the application compatibility engine will boo

PCA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. If you enable this policy setting, the PCA will b
as keyboard input and mouse input, user interface data, and screen shots. Steps Recorder includes an option to turn on and off data collec
y Collector will be turned off and data will not be sent to Microsoft. Collection of installation data through the Program Compatibility Assis
nteractions and app vulnerabilities can’t compromise the kernel or any other apps running outside of the virtualized environment. If you e
he clipboard to copy content from Application Guard to the host - Enable the clipboard to copy content from the host to Application Guard
ting network printers. - Enable printing to local printers. - Enable printing to PDF, allows people to print as PDF and save the resulting file o
er Application Guard. If you disable or don't configure this setting, non-enterprise sites can open outside of the Windows Defender Applic
lication Guard sessions. NOTE If you enable this setting, you can still delete an user's data from a specific device using the Reset-Applicatio
rd. NOTE Collected logs are available for review on Microsoft Edge, outside of Application Guard. If you disable or don't configure this setti
per-app setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whe
setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Wi
etting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Wind
setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Win
tting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Windo
g overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Windows
tting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Window
cmdlet. A per-app setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can d
app setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether
setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Wi
p setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Wi
etting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Wind
r-app setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide wheth
werShell cmdlet. A per-app setting overrides the default setting. If you choose the "User is in control" option, employees in your organizatio
overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Windows a
app setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether
app setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether
Get-AppPackage Windows PowerShell cmdlet. A per-app setting overrides the default setting. If you choose the "User is in control" option

The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load.
Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh,
Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh,
Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh,
Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh,
Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh,

etails, read about the program online at http://go.microsoft.com/fwlink/?LinkID=184686.

ated by the local computer). If you disable or do not configure this policy setting, you cannot install LOB or developer-signed Windows Stor
files" Group Policy setting applies Mandatory user profiles and super-mandatory profiles, which are created by an administrator Temporar
is setting, you cannot develop Windows Store apps or install them directly from an IDE.
can move or install Windows apps on other volumes.
to a different volume, the users' app data will also move to this volume.
this policy, a Windows app can't share app data with other instances of that app. If this policy was previously enabled, any previously shar
desktop app for a file type. If you enable this policy setting, Windows Store apps cannot open files in the default desktop app for a file typ
desktop app for a file type. If you enable this policy setting, Windows Store apps cannot open files in the default desktop app for a file typ
m by launching a desktop app. If you enable this policy setting, Windows Store apps cannot open URIs in the default desktop app for a URI s
m by launching a desktop app. If you enable this policy setting, Windows Store apps cannot open URIs in the default desktop app for a URI s
allow users to sign in with an enterprise account instead. If you disable or do not configure this policy setting, users will need to sign in wit
ontent URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use. If you disable or do
indows Runtime API access from web content are not affected. If you disable or do not configure this policy setting, all Windows Store app
ould be redundant. If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a fi
dows to use the file type data over the file handler data. For example, trust .txt files, regardless of the file handler. Using both the file hand
ws cannot make proper risk assessments. If you enable this policy setting, Windows does not mark file attachments with their zone inform
dangerous file attachments that Windows has blocked users from opening. If you enable this policy setting, Windows hides the check box
s the user from accessing the file. If the file is from the Internet zone, Windows prompts the user before accessing the file. Moderate Risk:
usion list takes precedence over the medium-risk and low-risk inclusion lists (where an extension is listed in more than one inclusion list).
as a lower precedence than the high-risk or medium-risk inclusion lists (where an extension is listed in more than one inclusion list). If you
nto Windows and it takes precedence over the low-risk inclusion list but has a lower precedence than the high-risk inclusion list (where an e
in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and serv
xecute the program without user intervention. This creates a major security concern as code may be executed without user's knowledge. T
xecute the program without user intervention. This creates a major security concern as code may be executed without user's knowledge. T
embers user's choice of what to do when a device is connected.
embers user's choice of what to do when a device is connected.
es, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. Starting with Windows XP SP2, Autoplay is enabled fo
es, such as the floppy disk drive (but not the CD-ROM drive), and on network drives. Starting with Windows XP SP2, Autoplay is enabled fo

osoft services when this device activates. Policy Options: - Not Configured (default -- data will be automatically sent to Microsoft) - Disa

iometrics, you must also configure the "Allow users to log on using biometrics" policy setting. If you disable this policy setting, the Window
to log on to the domain. If you enable or do not configure this policy setting, all users can log on to a local Windows-based computer and c
his policy setting, Windows prevents domain users from logging on to a domain-joined computer using biometrics. Note: Prior to Window
to specify the number of seconds the event remains active. This value cannot exceed 60 seconds. If you disable or do not configure this po
tion on devices that do not support enhanced anti-spoofing. If you disable or don't configure this setting, Windows doesn't require enhan
s for the job are deleted from the disk. Note: Any property changes to the job or any successful download action will reset this timeout. C
ate. By default BITS uses a maximum download time of 90 days (7,776,000 seconds). If you enable this policy setting, you can set the max
ork bandwidth to 10 Kbps from 8:00 A.M. to 5:00 P.M., and use all available unused bandwidth the rest of the day's hours. If you enable th
s that are not defined in a work schedule are considered non-work hours. If you enable this policy setting, you can set up a schedule for lim
u can define a separate set of network bandwidth limits and set up a schedule for the maintenance period. You can specify a limit to use f
s and makes them available to other BITS peers. When transferring a download job, BITS first requests the files for the job from its peers in
u can specify in days the maximum age of files in the cache. You can enter a value between 1 and 120 days. If you disable or do not configu
1 percent of the total system disk for the peercache. If you enable this policy setting, you can enter the percentage of disk space to be used
he computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server. Howe
he computer will no longer cache downloaded files and offer them to its peers. However, the computer will still download files from peers.
ve network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will u
etting, you can define a default download policy for each BITS job priority. This setting does not override a download policy explicitly config
licy setting, BITS will limit the maximum number of BITS jobs to the specified number. If you disable or do not configure this policy setting,
mit the maximum number of BITS jobs a user can create to the specified number. If you disable or do not configure this policy setting, BITS
to the specified number. If you disable or do not configure this policy setting, BITS will use the default value of 200 for the maximum num
ges that can be added to a file to the specified number. If you disable or do not configure this policy setting, BITS will limit ranges to 500 ra
dows Branch Cache. If you disable or do not configure this policy setting, the BITS client uses Windows Branch Cache. Note: This policy setti

rosoft Operations Manager server.

soft.com/fwlink/?LinkId=517265
Curve Order ============ curve25519 NistP256 NistP384 To See all the curves supported on the system, Use the following command
dditionally, if you check the "Include content from Enterprise spotlight" checkbox and your organization has setup an Enterprise spotlight c
raffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be contro
ue) to customize content shown on lock screen, Windows tips, Microsoft consumer features and other related features. If these features ar
his policy setting, users may see suggestions from Microsoft and notifications about their Microsoft account. Note: This setting only applie
e which tips to show. Note: If you disable or do not configure this policy setting, but enable the "Computer Configuration\Administrative Te
pps. If you disable or do not configure this policy, Windows spotlight features may suggest apps and content from third-party software pub

en there are updates and changes to Windows and its apps. If you disable or do not configure this policy, the Windows Welcome Experien
ns unless Windows has internally registered the required components. If you enable this policy setting and a component registration is mis
ns unless Windows has internally registered the required components. If you enable this policy setting and a component registration is mis

elp and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings. If you enable this settin
o the view used in the last Control Panel session. Note: Icon size is dependent upon what the user has set it to in the previous session.
from: The Start screen File Explorer This setting removes PC settings from: The Start screen Settings charm Account picture Search resu
other ways to access Control Panel items such as shortcuts in Help and Support or command lines that use control.exe. This policy has no e
n to a blocked page via URI, context menu in Explorer or other means will result in the front page of Settings being shown instead. This pol
Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings.

Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows. If this setting is di
ge the screen saver on the computer. It does not prevent a screen saver from running.
en Saver dialog in the Personalization or Display Control Panel. As a result, users cannot change the screen saver options. If you do not con
s the drop-down list of screen savers in the Screen Saver dialog in the Personalization or Display Control Panel, which prevents users from c
, password protection cannot be set on any screen saver. This setting also disables the "Password protected" checkbox on the Screen Save
24 hours. If set to zero, the screen saver will not be started. This setting has no effect under any of the following circumstances: - The settin
ngs can be changed by the user. To specify wallpaper for a group, use the "Desktop Wallpaper" setting. Note: You must also enable the "D

dows Vista, this setting also hides the Desktop tab in the Display Control Panel.
nd later, use the "Prevent changing color and appearance" setting.
r do not configure this setting, there is no effect. Note: If you enable this setting but do not specify a theme using the "load a specific them
ktop background, color, sounds, or screen saver after the first logon. If you disable or do not configure this setting, the default theme will b
ms, this setting prevents users and applications from changing the visual style through the command line. Also, a user may not apply a diff
ou specify will be used. Also, a user may not apply a different visual style when changing themes. If you disable or do not configure this se
e "Font size" drop-down list on the Appearance tab.
press CTRL + ALT + DEL before signing in will see a lock screen after locking their PC. They must dismiss the lock screen using touch, the key
lock screen and logon image, and they will instead see the default image.
o slide show will ever start.
ss in PC Settings, and the camera cannot be invoked on the lock screen.
nnot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.
ound, and users cannot change it. If the specified background is not supported, the default background is used.
ot be allowed to change them. If the "Force a specific background and accent color" policy is also set on a supported version of Windows, t
sets the specified image as the default for all users (it replaces the inbox default image). To use this setting, type the fully qualified path an
ft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If t
xample if the computer belongs to the Fabrikam domain, the default domain for user logon is Fabrikam. If you enable this policy setting, th
: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to su
ote: The user's domain password will be cached in the system vault when using this feature. To configure Windows Hello for Business, use
ote that the user's domain password will be cached in the system vault when using this feature.
password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time
l provider on other user tile. Note: A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MA
he user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows). The policy bec
elegated (default credentials are those that you use when first logging on to Windows). If you disable or do not configure (by default) this p
er's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application). If you do no
egated (fresh credentials are those that you are prompted for when executing the application). If you do not configure (by default) this pol
er's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manag
egated (saved credentials are those that you elect to save/remember using the Windows credential manager). If you do not configure (by
Windows). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. Note: The "Den
g the application). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server. Note: Th
the Windows credential manager). If you disable or do not configure (by default) this policy setting, this policy setting does not specify any
e Credential Guard does not limit access to resources because it redirects all requests back to the client device. Participating apps: Remote
Restricted Admin or Remote Credential Guard mode. If you disable or do not configure this policy setting, Restricted Administration and R
n the PC will be displayed so the user can choose one and enter the correct password. If you disable this policy setting, users will always b
ould be enabled. If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of t
olicy setting, the password reveal button will be displayed after a user types a password in the password entry text box. By default, the pas
olicy setting, the password reveal button will be displayed after a user types a password in the password entry text box. By default, the pas
by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring
t+Del. If you disable or do not configure this policy setting, users will be able to lock the computer from the keyboard using Ctrl+Alt+Del. T
hange the priority of the process in which programs run. If you enable this policy setting, users will not be able to access Task Manager. If u
off from the Start menu. Also, see the 'Remove Logoff on the Start Menu' policy setting. If you disable or do not configure this policy setti
ft at this level if they are enabled. Setting a value of 0 applies to Enterprise, EDU, IoT and Server devices only. Setting a value of 0 for other
ft at this level if they are enabled. Setting a value of 0 applies to Enterprise, EDU, IoT and Server devices only. Setting a value of 0 for other
mentations will be turned off. If you do not configure this policy setting, user can configure the “Let Microsoft try features on this build” op
ill be made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if you disable or do not configure this policy setting, C
. The value for this setting will be provided by Microsoft as part of the onboarding process for the program. If you disable or do not configu
e an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry serv
evel 2 (Enhanced) When you configure these policy settings, a Basic level of diagnostic data plus additional events that are required for Win
(if enabled), DCOM will look for an entry in the locally configured list. If you disable this policy setting, DCOM will not look in the locally co
s the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled. DCO
. Peering occurs on devices in the same Active Directory Site (if exist) or the same domain by default. When this option is selected, peering
ed on for an authentication of identity.

size has not exceeded.

y is 40 (for 40%). The device can download from peers while on battery regardless of this policy. The value 0 means "not-limited"; The clou
Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Clas
Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Clas
cannot enable or disable Active Desktop. If Active Desktop is already enabled, users cannot add, remove, or edit Web content or disable, l
to delete particular Web-based items from users' desktops. Users can add the item again (if settings allow), but the item is deleted each tim
their Active Desktop, or prevent users from removing existing Web content. Also, see the "Disable all items" setting.
k boxes from items on the Web tab in Display in Control Panel. Note: This setting does not prevent users from deleting items from their Ac
eb content to their Active Desktop. Also, see the "Prohibit closing items" and "Disable all items" settings.
properties of an item, such as its synchronization schedule, password, or display characteristics.
e desktop. Note: This setting does not disable Active Desktop. Users can still use image formats, such as JPEG and GIF, for their desktop wa
ed to a .bmp format, such as JPEG, GIF, and PNG, can be set as Wallpaper by right-clicking the image and selecting "Set as Wallpaper". Also
ng, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\w
configure it, the filter bar does not appear, but users can display it by selecting "Filter" on the "View" menu. To see the filter bar, open Net
tory folder appears in the Network Locations folder. This setting is designed to let users search Active Directory but not tempt them to cas
set permissions for user or group objects in Active Directory. If you enable this setting, you can use the "Number of objects returned" box
cation in the Target box.
, see "Items displayed in Places Bar" in User Configuration\Administrative Templates\Windows Components\Common Open File Dialog to r
t behavior of the Desktop Clean Wizard running every 60 days occurs. Note: When this setting is not enabled, users can run the Desktop Cl
mpty Computer folder. This setting allows administrators to restrict their users from seeing Computer in the shell namespace, allowing the
access to the contents of the My Documents folder. This setting does not remove the My Documents icon from the Start menu. To do so, u
etwork Places icon.
do not configure this setting, the Properties option is displayed as usual.
and then opens the File menu. Clicks the My Documents icon, and then presses ALT+ENTER. If you disable or do not configure this policy s
this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder.
o the contents of the Recycle Bin folder. Note: To make changes to this setting effective, you must log off and then log back on.
configure this setting, the Properties option is displayed as usual.

figuration. Tip: To view the toolbars that can be added to the desktop, right-click a docked toolbar (such as the taskbar beside the Start butt
default configuration. Also, see the "Prevent adding, dragging, dropping and closing the Taskbar's toolbars" setting.
is policy, this window minimizing and restoring gesture will apply.

uthenticate to Windows Hello using a companion device. If you disable this policy, users cannot use a companion device to authenticate wi
dware support and will only be enabled on correctly configured devices. Virtualization Based Protection of Code Integrity This setting enab
he policy. To enable this policy the machine must be rebooted. The file path must be either a UNC path (for example, \\ServerName\Share
er that is not signed at all. If you enable or do not configure this policy setting, drivers that are signed by a Microsoft Windows Publisher ce
dows waits 300 seconds for a device installation task to complete before terminating the installation.
estore point enables you to more easily restore your system to its state before the activity. If you enable this policy setting, Windows does

ard to install and update the drivers for any device. If you enable this policy setting on a remote desktop server, the policy setting affects re
ngs that prevent device installation take precedence over this one. If you enable this policy setting, Windows is allowed to install or update
ndows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable th
vent device installation take precedence over this one. If you enable this policy setting, Windows is allowed to install or update any device
ented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remo
for the USB hub to which the device is connected. This policy setting takes precedence over any other policy setting that allows Windows t
es that match any of these device IDs" or the "Allow installation of devices for these device classes" policy setting. If you disable or do not
this policy setting, the system does not force a reboot. Note: If no reboot is forced, the device installation restriction right will not take eff
tting prevents device installation. If you disable or do not configure this policy setting, Windows displays a default title in a notification when
tion. If you disable or do not configure this policy setting, Windows displays a default message when a policy setting prevents device install
ers must be signed according to Windows Driver Signing Policy, or be signed by publishers already in the TrustedPublisher store. If you disa
enabled, the system does not implement any setting less secure than the one the setting established. When you enable this setting, use th
ear while a device is being installed, unless the driver for the device suppresses the balloons.
setting, an error report is sent when a generic driver is installed.
by the device driver. If you disable or do not configure this policy setting, Windows sends an error report when a device driver that reque
es from the search algorithm. If you enable this setting, you can remove the locations by selecting the associated check box beside the loc
net Communication settings" is disabled or not configured. If you enable this setting, administrators will not be prompted to search Window
net Communication settings" is disabled or not configured. If you enable this setting, administrators will not be prompted to search Window
hat Windows will attempt to search Windows Update exactly one time. With this setting, Windows will not continually search for updates.
Windows will first search the Managed Server, such as a Windows Server Update Services (WSUS) server. Only if no update is found will Win
Control Panel > System and Security > System > Advanced System Settings > Hardware tab). If you disable or do not configure this policy se
empts to discover domain controllers. This value is specified in minutes. If you disable or do not configure this policy setting, the default va
, Digital Locker will not run. If you disable or do not configure this setting, Digital Locker can be run.
, Digital Locker will not run. If you disable or do not configure this setting, Digital Locker can be run.
t configure this policy setting, Windows displays the default alert text in the disk diagnostic message. No reboots or service restarts are req
c Policy Service (DPS) detects and logs S.M.A.R.T. faults to the event log when they occur. If you enable this policy setting, the DPS also wa
and resume. The system determines the data that will be stored in the NV cache to optimize boot and resume. The required data is stored
e. In this mode, the system tries to save power by aggressively spinning down the disk. If you do not configure this policy setting, the defau
om the cache while the disks are spinning up. The NV cache can also be used to reduce the power consumption of the system by keeping t
olatile (NV) cache. This allows the system to exclusively run out of the NV cache and power down the disk for longer periods to save power.
nt is turned off, and users cannot turn it on. If this policy setting is not configured, disk quota management is turned off by default, but adm
m disables the "Deny disk space to users exceeding quota limit" option on the Quota tab so administrators cannot make changes while the
tus in the Quota Entries window changes to indicate that the user is approaching the disk quota limit. This setting overrides new users’ setti
disable this policy setting, no event is recorded. Also, when you enable or disable this policy setting, the system disables the "Log event wh
icy setting, the system disables the corresponding "Log event when a user exceeds their warning level" option on the Quota tab so that adm
mputer will apply the disk quota to both fixed and removable media.
not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using Appl
using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest. If you disable
olume on another computer. The DLT client can more reliably track links when allowed to use the DLT server. This policy should not be se
er will be applied to all network connections used by computers that receive this policy setting. If you disable this policy setting, or if you d
ilable field. To use this policy setting, you must enter at least one IP address. If you enable this policy setting, the list of DNS servers is appl
omputers that receive it, you must restart Windows. If you enable this policy setting, it supersedes the primary DNS suffix configured in th
, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and th
PTR records will be determined by the option that you choose under Register PTR records. To use this policy setting, click Enabled, and the
on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled
of resource records and does not allow a DNS client to overwrite records that are registered by other computers. During dynamic update
servers, even if the record has not changed. This reregistration is required to indicate to DNS servers that records are current and should no
u specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.
Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS
nsecure dynamic updates. Only secure - computers send only secure dynamic updates. If you enable this policy setting, computers that att
ecords unless the authoritative zone is a top-level domain or root zone. If you enable this policy setting, computers send dynamic updates
ping if the name is successfully resolved or at a level determined by devolution settings. Devolution can be used when a user or application
parent of that suffix, and so on, stopping if the name is successfully resolved or at a level determined by devolution settings. Devolution can
at also has LLMNR enabled. LLMNR does not require a DNS server or DNS client configuration, and provides name resolution in scenarios i
. The name "server.corp.contoso.com." is an example of a fully qualified name because it contains a terminating dot. For example, if attach
e received, the network binding order is used to determine which response to accept. If you enable this policy setting, the DNS client will
P (NetBT). If you enable this policy setting, the DNS client will prefer DNS responses, followed by LLMNR, followed by NetBT for all network
if you do not configure this policy setting, NetBT queries will only be issued for single-label names such as "example" and not for multi-lab
esolution (LLMNR) and NetBIOS over TCP/IP (NetBT). If you enable this policy setting, responses from link local protocols will be preferred o
tting is not configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
ured, IDNs are not converted to the Nameprep form.
ing this policy setting requires a logoff for it to be applied.
ing this policy setting requires a logoff for it to be applied.
ng, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual versio
ng, Flip 3D is accessible, if desktop composition is turned on. When Windows Flip 3D is activated with the Windows+Tab keys, a visual versio
olor in Start Personalization. However, setting the accent will have no effect.
internal color is used, if the user does not specify a color. Note: This policy setting can be used in conjunction with the "Prevent color chan
internal color is used, if the user does not specify a color. Note: This policy setting can be used in conjunction with the "Prevent color chan
y setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for wind
y setting can be used in conjunction with the "Specify a default color for window frames" policy setting, to enforce a specific color for wind
ME and Simplified Chinese Microsoft Pinyin.
ly. Note: Changes to this setting will not take effect until the user logs off.
used for conversion. For Simplified Chinese Microsoft Pinyin, an Open Extended Dictionary that is added before enabling this policy setting
olicy setting, the search integration function can be used by default. This policy setting applies to Japanese Microsoft IME, Simplified Chine
sion. If you disable or do not configure this policy setting, the custom dictionary can be used by default. For Japanese Microsoft IME, [Cle
wise OR of following values: 0x0001 // JIS208 area 0x0002 // NEC special char code 0x0004 // NEC selected IBM extended code 0x0008 /
you disable or do not configure this policy setting, both Publishing Standard Glyph and Non-Publishing Standard Glyph are included in the c
the suggestions, and the user won't be able to turn it off. If you disable this policy setting, the functionality associated with this feature is
the suggestions, and the user won't be able to turn it off. If you disable this policy setting, the functionality associated with this feature is
n settings. If you disable this policy setting, the functionality associated with this feature is turned off, and the user won't be able to turn i
een signed and has not been tampered with. - Bad: The driver has been identified as malware. It is recommended that you do not allow kn

policy setting, Windows will keep track of the apps that are used and searched most frequently. Most frequently used apps will appear at t
apps using touch gestures, keyboard shortcuts, and the Start screen. If you disable or don't configure this policy setting, the recent apps w
r-right corner. They'll still be available if the mouse is pointing to the lower-right corner. If you disable or don't configure this policy setting,
d users won't be able to replace it with Windows PowerShell. Users will still be able to access Windows PowerShell, but not from that menu

crypts files that are moved to an encrypted folder. This setting applies only to files moved within a volume. When files are moved to other
only USB root hub connected Enhanced Storage devices are allowed. If you disable or do not configure this policy setting, USB Enhanced S
the Enhanced Storage device state is not changed when the computer is locked.
e removable devices are allowed on your computer.
nced Storage device.

e usable on your computer. If you disable or do not configure this policy setting, all IEEE 1667 silos on Enhanced Storage devices are usable
If you disable or do not configure this policy setting, all Enhanced Storage devices are usable on your computer.
setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication setti
he user can also report the error. If you disable this policy setting, users are not notified that errors have occurred. If the Configure Error R
tion to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. If you disable or do not c
tion to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel. If you disable or do not c
the user interface for critical errors.
Reporting events and errors are logged to the system event log, as with other Windows-based programs.
Reporting events and errors are logged to the system event log, as with other Windows-based programs.
If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Wi
If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Wi
itional CAB files that can contain data about the same event types as an earlier uploaded report. If you disable or do not configure this pol
itional CAB files that can contain data about the same event types as an earlier uploaded report. If you disable or do not configure this pol
tting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user. If
tting, any memory dumps generated for error reports by Microsoft Windows are automatically uploaded, without notification to the user. If
manent power source. If you enable this policy setting, WER does not determine whether the computer is running on battery power, but ch
manent power source. If you enable this policy setting, WER does not determine whether the computer is running on battery power, but ch
icted. If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the net
icted. If you disable or do not configure this policy setting, WER does not send data, but will check the network cost policy again if the net
pplication errors. If the Report all errors in Microsoft applications check box is filled, all errors in Microsoft applications are reported, regar
Reporting never reports errors, click Show under the Exclude errors for applications on this list setting, and then add or remove applicatio
m the list of application file names in the Show Contents dialog box (example: notepad.exe). Errors that are generated by applications in thi
ou do not configure this policy setting, users can change this setting in Control Panel. By default, Windows Error Reporting settings in Contr
avior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum num
avior is set to Store parameters only, only the minimum information required to check for an existing solution is stored. The Maximum num
o select Connect using SSL to transmit error reports over a Secure Sockets Layer (SSL) connection, and specify a port number on the destina
eporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents
eporting never reports errors, click Show, and then add or remove applications from the list of application file names in the Show Contents
m occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queu
m occurs, whether the report should be placed in the reporting queue, or the user should be prompted to send it immediately. When Queu
r generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3
r generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3
setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent s
setting, custom consent policy settings for error reporting determine the consent level for specified event types, and the default consent s
s ask before sending data: Windows prompts users for consent to send reports. - Send parameters: Only the minimum data that is require
s ask before sending data: Windows prompts users for consent to send reports. - Send parameters: Only the minimum data that is require
t subscription specifics. Use the following syntax when using the HTTPS protocol: Server=https://<FQDN of the collector>:5986/wsman/Su
environments. If you disable or do not configure this policy setting, forwarder resource usage is not specified. This setting applies across a
hen it is full. A new file is then started. If you disable this policy setting and the "Retain old events" policy setting is enabled, new events ar
users and system services can write, read, or clear this log. Note: If you enable this policy setting, some tools and APIs may ignore it. The s
atching the security descriptor can access the log. If you disable this policy setting, all authenticated users and system services can write, re
e, new events overwrite old events. Note: Old events may or may not be retained according to the "Backup log automatically when full" p
setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
etting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using
hen it is full. A new file is then started. If you disable this policy setting and the "Retain old events" policy setting is enabled, new events ar
If you enable this policy setting, only those users whose security descriptor matches the configured specified value can access the log. If y
access the log. If you disable this policy setting, only system software and administrators can read or clear this log. If you do not configure
e, new events overwrite old events. Note: Old events may or may not be retained according to the "Backup log automatically when full" p
setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
etting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using
hen it is full. A new file is then started. If you disable this policy setting and the "Retain old events" policy setting is enabled, new events ar
users and system services can write, read, or clear this log. Note: If you enable this policy setting, some tools and APIs may ignore it. The s
atching the security descriptor can access the log. If you disable this policy setting, all authenticated users and system services can write, re
e, new events overwrite old events. Note: Old events may or may not be retained according to the "Backup log automatically when full" p

setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.


etting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using
hen it is full. A new file is then started. If you disable this policy setting and the "Retain old events" policy setting is enabled, new events ar
ecurity descriptor matches the configured value can access the log. If you disable or do not configure this policy setting, only system softwa
re and administrators can write or clear this log, and any authenticated user can read events from it. If you do not configure this policy setti
e, new events overwrite old events. Note: Old events may or may not be retained according to the "Backup log automatically when full" p
setting, the Event Log uses the folder %SYSTEMROOT%\System32\winevt\Logs.
etting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using
MS) standard and the public key you provide. You can use the Unprotect-CmsMessage PowerShell cmdlet to decrypt these encrypted messa

n settings using the Set-ProcessMitigation PowerShell cmdlet, the ConvertTo-ProcessMitigationPolicy PowerShell cmdlet, or directly in the
d in File Explorer. Note: When the menu bar is not displayed, users can access the menu bar by pressing the 'ALT' key.
plorer. If you disable or do not configure this policy setting, users will be able to add new items such as files or folders to the root of their U

that does not contain all programs installed in the same manner as it was on the machine on which the user had last logged on, unexpecte
when a USB device is connected will be enabled, and users will not be able to make changes using the Windows To Go Startup Options Cont
dows To Go workspace, can't hibernate the PC.
n started from a Windows To Go workspace, can use standby states to make the PC sleep.
ations through the Windows Feedback app asking users for feedback. Note: If you disable or do not configure this policy setting, users can

required. This is the default recovery behavior for corrupted files. Silent: Detection, troubleshooting, and recovery of corrupted files will au
new line that contains the enterprise identifier, separated by a comma, and the Package Family Name of the application. The EID must be
e RPC protocol message between File Server VSS provider and File Server VSS Agent is signed but not encrypted. Note: To make changes to
nformation please refer to the Windows Help section NOTE: If this policy is Disabled or Not Configured, local administrators may select the

nerated. If you disable them on all volumes then they will never be generated. If you set short name creation to be configurable on a per v

ll also allow the user to view the last location of use of their active digitizer on their device; this location is stored locally on the user's devic
tting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirectin
e available offline. If you disable or do not configure this policy setting, redirected shell folders are automatically made available offline. Al
are automatically made available offline. All subfolders within the redirected folders are also made available offline. Note: This policy setti
tting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use localized folder names for these subfolders when redirectin
etwork location to another and Folder Redirection is configured to move the content to the new location, instead of copying the content to
on a computer in a remote office. To designate a user's primary computers, an administrator must use management software or a script to
on a computer in a remote office. To designate a user's primary computers, an administrator must use management software or a script to
s visible and cannot be hidden by the user. Note: This has a side effect of not being able to toggle to the Preview Pane since the two cannot

Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. If y

ermissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users. The policy setting "Restric
ermissions of the %windir%\Globalization directory to prevent the installation of locales by unauthorized users. The policy setting "Restric
will be restricted to the specified list. The locale list is specified using language names, separated by a semicolon (;). For example, en-US is
rompt. If the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page. If the policy is Di
ricted to locales in this list. To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setti
ricted to locales in this list. To set this policy setting on a per-user basis, make sure that you do not configure the per-computer policy setti
disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not co
disabled by a per-user policy setting. If you disable this policy setting at the computer level, the per-user policy is ignored. If you do not co
enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to
enabled, users can still choose alternate locales installed on the system unless prevented by other policies, however, they will be unable to
hese values programmatically. This policy setting is used only to simplify the Regional Options control panel. If you enable this policy settin
not prevent the user or an application from changing the GeoID programmatically. If you disable or do not configure this policy setting, th
g the UI language. This does not prevent the user or an application from changing the UI language programmatically. If you disable or do n
r or an application from changing their user locale or user overrides programmatically. If you disable or do not configure this policy setting
y the administrator as the system UI languages. The UI language selected by the user will be ignored if it is different than any of the system
anguage for the selected user. If the specified language is not installed on the target computer or you disable this policy setting, the langua
talled on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local admin
s in the Regional and Language Options control panel are not accessible to the logged on user. This prevents users from specifying a langua
en keyboard. If the policy is Enabled, then the option will be locked to not offer text predictions. If the policy is Disabled or Not Configured
lects a text prediction candidate when using the on-screen keyboard. If the policy is Enabled, then the option will be locked to not insert a
ed, then the option will be locked to not autocorrect misspelled words. If the policy is Disabled or Not Configured, then the user will be fre
the option will be locked to not highlight misspelled words. If the policy is Disabled or Not Configured, then the user will be free to change
y any user on that system. If you disable or do not configure this policy setting, language packs that are installed as part of the system imag
this collected information may be stored on the user's OneDrive, in the case of inking and typing; some of the information will be uploaded
le this policy setting, the system specifies the largest two-digit year interpreted as being preceded by 20. All numbers less than or equal to
t is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer b
t is collected includes all outgoing messages in Windows Mail, and MAPI enabled email clients, as well as URLs from the Internet Explorer b
r Group Policy settings synchronously. If you enable this policy setting, Windows applies user Group Policy settings asynchronously, when
ite ready to deploy this feature into your organization, you can run it in Audit mode to see if blocking untrusted fonts causes any usability o
ags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prio
ags in particular positions. Bits can be set to either 0 (setting is forced off), 1 (setting is forced on), or ? (setting retains its existing value prio
t data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only
ences. If you disable this policy setting, the Windows device is not discoverable by other devices, and cannot participate in cross-device ex
wser instead of launching the associated app. If you do not configure this policy setting, the default behavior depends on the Windows edi
runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy attempts
up Policy runs in synchronous foreground mode, it refers to this cache, which enables it to run faster. When the cache is read, Group Policy
ting disk contention. If you enable this policy setting, Group Policy will wait for the specified amount of time before running logon scripts.

ide any bandwidth speed information. If Group Policy detects a bandwidth speed, Group Policy will follow the normal rules for evaluating i
icy setting, when a slow network connection is detected, Group Policy processing will always run in an asynchronous manner. Client comp
on of all Local GPOs to ensure that only domain-based GPOs are applied. If you enable this policy setting, the system does not process and
synchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy setting
If you do not configure this policy setting: - No user-based policy settings are applied from the user's forest. - Users do not receive their
Policy Objects stored in Active Directory, not for Group Policy Objects on the local computer. This policy setting overrides customized settin
program implementing the disk quota policy set when it was installed. If you enable this policy setting, you can use the check boxes provi
encryption policy set when it was installed. If you enable this policy setting, you can use the check boxes provided to change the options.
ctive Directory, not for Group Policy objects on the local computer. This policy setting overrides customized settings that the program imple
ed settings that the program implementing the Internet Explorer Maintenance policy set when it was installed. If you enable this policy setti
customized settings that the program implementing the IP security policy set when it was installed. If you enable this policy setting, you c
f you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy s
t was installed. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not config
cy set when it was installed. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or
mplementing the wireless network set when it was installed. If you enable this policy, you can use the check boxes provided to change the
enting the wired network set when it was installed. If you enable this policy, you can use the check boxes provided to change the options.
his policy setting, interactive users can generate RSoP. Note: This policy setting does not affect administrators. If you enable or disable this
his policy setting, interactive users can generate RSoP. Note: This policy setting does not affect administrators. If you enable or disable this
icy Object Editor, a timestamp comparison is performed on the source files in the local %SYSTEMROOT%\inf directory and the source files
d user settings. If you disable or do not configure this policy setting, updates can be applied while users are working. The frequency of upda
his policy setting, the default behavior applies. By default, computer policy is applied when the computer starts up. It also applies at a spec
osoft\Windows\CurrentVersion\Policies registry subkeys. Preferences, which are not fully supported, use registry entries in other subkeys.
hanges to the domain controller designated as the PDC Operations Master for the domain. "Inherit from Active Directory Snap-ins" indicat
n to be slow. The system's response to a slow policy connection varies among policies. The program implementing the policy can specify th
n to be slow. The system's response to a slow policy connection varies among policies. The program implementing the policy can specify th
always updated when the system starts. By default, computer Group Policy is updated in the background every 90 minutes, with a random
minutes. If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the domain c
d when users log on. By default, user Group Policy is updated in the background every 90 minutes, with a random offset of 0 to 30 minutes
browser. The display name can contain environment variables and can be a maximum of 255 characters long. If this setting is Disabled or N
such as Active Directory Users and Computers or Active Directory Sites and Services, you can enable the object links for use on the system
ion of the ADM files that were used to create the GPO while editing this GPO. This leads to the following behavior: - If you originally creat
d the client-side extension settings that were included. If you enable this setting, RSoP logging is turned off. If you disable or do not configu
d on the computer that is being used. By default, the user's Group Policy Objects determine which user settings apply. If this setting is enab
ng is asynchronous, the computer is not blocked and policy processing will occur in the background. In either case, configuring this policy s
ms are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group
e event logging and turn on tracing for the Applications extension for client computers. If you disable or do not configure this policy setting
items are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Gr
ure event logging and turn on tracing for the Data Sources extension for client computers. If you disable or do not configure this policy setti
to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects
ogging and turn on tracing for the Devices extension for client computers. If you disable or do not configure this policy setting, by default e
s are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group P
event logging and turn on tracing for the Drive Maps extension for client computers. If you disable or do not configure this policy setting, b
iable preference items are allowed to process across a slow network connection, to be applied during background processing, and to proce
re event logging and turn on tracing for the Environment extension for client computers. If you disable or do not configure this policy setti
s across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) ar
and turn on tracing for the Files extension for client computers. If you disable or do not configure this policy setting, by default event loggi
tting, Folder Options, Open With, and File Type preference items are allowed to process across a slow network connection, to be applied du
figure event logging and turn on tracing for the Folder Options extension for client computers. If you disable or do not configure this polic
o process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objects (
gging and turn on tracing for the Folders extension for client computers. If you disable or do not configure this policy setting, by default ev
d to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objec
gging and turn on tracing for the Ini Files extension for client computers. If you disable or do not configure this policy setting, by default ev
are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group Po
ogging and turn on tracing for the Internet extension for client computers. If you disable or do not configure this policy setting, by default
Local User and Local Group preference items are allowed to process across a slow network connection, to be applied during background pr
olicy setting, you can configure event logging and turn on tracing for the Local User and Local Group extension for client computers. If you
tting, VPN Connection and DUN Connection preference items are allowed to process across a slow network connection, to be applied during
n configure event logging and turn on tracing for the Network Options extension for client computers. If you disable or do not configure th
eference items are allowed to process across a slow network connection, to be applied during background processing, and to process even
onfigure event logging and turn on tracing for the Network Shares extension for client computers. If you disable or do not configure this po
ower Options and Power Scheme preference items are allowed to process across a slow network connection, to be applied during backgrou
figure event logging and turn on tracing for the Power Options extension for client computers. If you disable or do not configure this policy
ng, Shared Printer, TCP/IP Printer, and Local Printer preference items are allowed to process across a slow network connection, to be applie
ogging and turn on tracing for the Printers extension for client computers. If you disable or do not configure this policy setting, by default e
preference items are allowed to process across a slow network connection, to be applied during background processing, and to process ev
n configure event logging and turn on tracing for the Regional Options extension for client computers. If you disable or do not configure thi
wed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy obje
ogging and turn on tracing for the Registry extension for client computers. If you disable or do not configure this policy setting, by default e
, Scheduled Task and Immediate Task preference items are allowed to process across a slow network connection, to be applied during back
configure event logging and turn on tracing for the Scheduled Tasks extension for client computers. If you disable or do not configure this p
d to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy objec
ogging and turn on tracing for the Services extension for client computers. If you disable or do not configure this policy setting, by default
owed to process across a slow network connection, to be applied during background processing, and to process even if the Group Policy o
nt logging and turn on tracing for the Shortcuts extension for client computers. If you disable or do not configure this policy setting, by def
s are allowed to process across a slow network connection, to be applied during background processing, and to process even if the Group P
event logging and turn on tracing for the Start Menu extension for client computers. If you disable or do not configure this policy setting, b
t existing Application preference items. If you enable or do not configure this policy setting, you permit use of Application snap-ins. Enablin
ling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy settin
nce extension is prohibited, it does not appear in the Group Policy Management Editor window. If you enable this policy setting, you perm
ss restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Ena
tricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling
ng this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting
bling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy settin
policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you p
his policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, yo
ess restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. En
his policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, yo
nless restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict users
nsion unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy se
unless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings.
nabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy se
ess restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. En
tricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. Enabling
unless restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict users
this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, yo
nless restricted by the "Permit use of Control Panel Settings (Computers)" or "Permit use of Control Panel Settings (Users)" policy settings. E
tricted by the "Permit use of Control Panel Settings (Computers)" policy setting. Enabling this policy setting overrides the "Restrict users to
g this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting,
restricted by the "Permit use of Control Panel Settings (Users)" policy setting. Enabling this policy setting overrides the "Restrict users to th
xtension is prohibited, it does not appear in the Group Policy Management Editor window. If you enable this policy setting, you permit use
ate and manage preference items. If you enable this policy setting, you permit use of the Preferences tab. Enabling this policy setting does

es be added to this policy setting. If you enable this policy setting, the commands function only for .chm files in the specified folders and th
. If you disable or do not configure this policy setting, users can run all applications from online Help. Note: You can also restrict users fr
. If you disable or do not configure this policy setting, users can run all applications from online Help. Note: You can also restrict users fr
to make sure that they use system memory safely. If you enable this policy setting, DEP for HTML Help Executable is turned off. This will all
The text is displayed, but there are no clickable links for these elements. If you disable or do not configure this policy setting, the default b
the quality and usefulness of the Help and Support content.
the Help Experience Improvement program. If you disable or do not configure this policy setting, users can turn on the Help Experience Im
ne. If you disable or do not configure this policy setting, users can access online assistance if they have a connection to the Internet and ha
nnected automatically on subsequent attempts. Credentials can also be configured by network operators. If you enable this policy setting,
you disable this policy setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their re
you disable this policy setting, all of the the policy settings listed in the "Internet Communication settings" section are set such that their re
, certificates must be issued by a trusted certificate authority (CA). Microsoft has included a list in Windows XP and other products of comp
t Printing server and making its shared printers available via HTTP. If you enable this policy setting, it prevents this client from printing to In
t Printing server and making its shared printers available via HTTP. If you enable this policy setting, it prevents this client from printing to In
nly prohibits downloading drivers that are not already installed locally. If you enable this policy setting, print drivers cannot be downloaded
nly prohibits downloading drivers that are not already installed locally. If you enable this policy setting, print drivers cannot be downloaded
d for drivers when no local drivers are present. If you do not configure this policy setting, searching Windows Update is optional when inst
on text if the event is created by a Microsoft component. This text contains a link (URL) that, if clicked, sends information about the event t
this policy setting, the Help and Support Center no longer retrieves nor displays "Did you know?" content. If you disable or do not configu
es with the default search options. If you enable this policy setting, it removes the Knowledge Base section from the Help and Support Cen
ents users from retrieving the list of ISPs, which resides on Microsoft servers. If you disable or do not configure this policy setting, users can
ot configure this policy setting, users can connect to Microsoft.com to complete the online Windows Registration. Note that registration is o
on to report errors. If you disable or do not configure this policy setting, the errors may be reported to Microsoft via the Internet or to a co
and also on the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will y
content files used to format and display results. If you enable this policy setting, Search Companion does not download content updates d
ation or use the Web service to find an application. If you enable this policy setting, the link and the dialog for using the Web service to op
ation or use the Web service to find an application. If you enable this policy setting, the link and the dialog for using the Web service to op
ication or use the Store service to find an application. If you enable this policy setting, the "Look for an app in the Store" item in the Open
ication or use the Store service to find an application. If you enable this policy setting, the "Look for an app in the Store" item in the Open
s downloaded from a Windows website in addition to providers specified in the registry. If you enable this policy setting, Windows does no
s downloaded from a Windows website in addition to providers specified in the registry. If you enable this policy setting, Windows does no
om Picture Tasks in File Explorer folders. If you disable or do not configure this policy setting, the task is displayed.
om Picture Tasks in File Explorer folders. If you disable or do not configure this policy setting, the task is displayed.
ish content to the web. If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. If you
ish content to the web. If you enable this policy setting, these tasks are removed from the File and Folder tasks in Windows folders. If you
is information is used to improve the product in future releases. If you enable this policy setting, Windows Messenger does not collect usa
is information is used to improve the product in future releases. If you enable this policy setting, Windows Messenger does not collect usa
ollect your name, address, or any other personally identifiable information. There are no surveys to complete, no salesperson will call, and
loading a page from a dedicated Web server or making a DNS request for a dedicated address. If you enable this policy setting, NCSI does n
ents or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. Enabling th
or do not configure it, this control will not be designated as administrator-approved. To specify how administrator-approved controls are h
ty zones in which you specify that administrator-approved controls can be run. If you disable this policy or do not configure it, this control
on that has restricted functionality and is intended for use by web sites. If you enable this policy, this control will be available as an adminis
proved. To specify how administrator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Polic
run. If you disable this policy or do not configure it, these controls will not be designated as administrator-approved. Select the check box
ure it, these controls will not be designated as administrator-approved. To specify a control as administrator-approved, click Enabled, and t
in which you specify that administrator-approved controls can be run. If you disable this policy or do not configure it, these controls will n
ministrator-approved controls can be run. If you disable this policy or do not configure it, this control will not be designated as administrato
s policy or do not configure it, these controls will not be designated as administrator-approved. Select the check boxes for the controls tha
ministrator-approved. To specify how administrator-approved controls are handled for each security zone, carry out the following steps: 1.
r do not configure it, this control will not be designated as administrator-approved. To specify how administrator-approved controls are ha
rator-approved. To specify how administrator-approved controls are handled for each security zone, carry out the following steps: 1. In Gr
enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background. If you disab
enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background. If you disab
ny websites or content in the background. If you disable this policy setting, Internet Explorer preemptively loads websites and content in t
ny websites or content in the background. If you disable this policy setting, Internet Explorer preemptively loads websites and content in t
f you do not configure this policy, users can choose whether to be prompted before running active content on a CD.
f you do not configure this policy, users can choose whether to be prompted before running active content on a CD.
secure. If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked. If you disable this poli
secure. If you enable this policy setting, Internet Explorer will check to see if server certificates have been revoked. If you disable this poli
sable or do not configure this policy setting, applications that host MSHTML render text by using the Microsoft ClearType rendering engine
sable or do not configure this policy setting, applications that host MSHTML render text by using the Microsoft ClearType rendering engine
olicy setting is particularly useful to users who do not use a mouse. If you enable this policy setting, Caret Browsing is turned on. If you di
olicy setting is particularly useful to users who do not use a mouse. If you enable this policy setting, Caret Browsing is turned on. If you di
If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhance
If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhance
bit processes are used. If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Prote
bit processes are used. If you enable this policy setting, Internet Explorer 11 will use 64-bit tab processes when running in Enhanced Prote
gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in
gives the option to run the website in regular Protected Mode. This policy setting disables this notification and forces all websites to run in
If you disable this policy setting, Internet Explorer only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Br
If you disable this policy setting, Internet Explorer only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Br
use or not use HTTP 1.1.
use or not use HTTP 1.1.
If you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1 through proxy connections.
If you do not configure this policy setting, users can configure Internet Explorer to use or not use HTTP 1.1 through proxy connections.
tocol. If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol. If you don't configure this policy setting,
tocol. If you disable this policy setting, Internet Explorer won't use the SPDY/3 network protocol. If you don't configure this policy setting,
ble this policy setting, Internet Explorer won't use the HTTP2 network protocol. If you don't configure this policy setting, users can turn th
ble this policy setting, Internet Explorer won't use the HTTP2 network protocol. If you don't configure this policy setting, users can turn th
This policy does not affect which security protocols are enabled. If you disable this policy, system defaults will be used.
protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and serv
protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and serv
not use Reset Internet Explorer Settings. If you disable or do not configure this policy setting, the user can use Reset Internet Explorer Setti
not use Reset Internet Explorer Settings. If you disable or do not configure this policy setting, the user can use Reset Internet Explorer Setti
Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.
Explorer will check the digital signatures of executable programs and display their identities before downloading them to user computers.
ernet Explorer automatically launches any browser helper objects that are installed on the user's computer. If you disable this policy settin
ernet Explorer automatically launches any browser helper objects that are installed on the user's computer. If you disable this policy settin
o download the Japanese Language Pack component if it is not already installed. If you enable this policy setting, Web components such a
o download the Japanese Language Pack component if it is not already installed. If you enable this policy setting, Web components such a
tting, non-Internet Explorer components will be automatically installed as necessary. If you disable this policy setting, users will be prompt
tting, non-Internet Explorer components will be automatically installed as necessary. If you disable this policy setting, users will be prompt
ernet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when th
ernet Explorer checks the Internet for a new version approximately every 30 days and prompts the user to download new versions when th
pted to install or run files with an invalid signature. If you disable this policy setting, users cannot run or install files with an invalid signatu
pted to install or run files with an invalid signature. If you disable this policy setting, users cannot run or install files with an invalid signatu
ures found in Web content. If you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages d
ures found in Web content. If you disable this policy setting, Internet Explorer will not play or download animated pictures, helping pages d
Web content. If you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display mo
Web content. If you disable this policy setting, Internet Explorer will not play or download sounds in Web content, helping pages display mo
ontent. If you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly. If you do n
ontent. If you disable this policy setting, Internet Explorer will not play or download videos, helping pages display more quickly. If you do n
requests Profile Assistant information, users will be prompted to choose which information to share. At that time, users can also choose to
requests Profile Assistant information, users will be prompted to choose which information to share. At that time, users can also choose to
ed pages containing secure (HTTPS) information to the cache. If you disable this policy setting, Internet Explorer will save encrypted pages
ed pages containing secure (HTTPS) information to the cache. If you disable this policy setting, Internet Explorer will save encrypted pages
tal disk space usage. If you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folde
tal disk space usage. If you enable this policy setting, Internet Explorer will delete the contents of the user's Temporary Internet Files folde
ble or do not configure this policy setting, Internet Explorer does not display the Content Advisor setting on the Content tab of the Internet
ble or do not configure this policy setting, Internet Explorer does not display the Content Advisor setting on the Content tab of the Internet
s turned on. The user cannot turn it off. If you disable this policy setting, inline AutoComplete is turned off. The user cannot turn it on. If y
toComplete for File Explorer is turned off. The user cannot turn it on. If you disable this policy setting, Inline AutoComplete for File Explore
orer does not go directly to an intranet site for a one-word entry in the Address bar.
orer does not go directly to an intranet site for a one-word entry in the Address bar.
Script) or Microsoft JScript. If you enable this policy setting, script debugging is turned on. The user cannot turn off script debugging. If yo
here is a problem connecting with an Internet server, the user does not see a detailed description or hints about how to correct the proble
olicy setting, page transitions will be turned on. The user cannot change this behavior. If you do not configure this policy setting, the user c
ge does not appear properly because of problems with its scripting. The user cannot change this policy setting. If you disable this policy setti
scrolling. If you do not configure this policy setting, the user can hide or show the button to open Microsoft Edge from Internet Explorer.
Internet Explorer will be shown. If you do not configure this policy setting, the button to open Microsoft Edge from Internet Explorer can b
Internet Explorer will be shown. If you do not configure this policy setting, the button to open Microsoft Edge from Internet Explorer can b
e this policy setting, the user can choose when to underline links.
s policy setting, phone number detection is turned on. Users won't be able to modify this setting. If you don't configure this policy setting,
s policy setting, phone number detection is turned on. Users won't be able to modify this setting. If you don't configure this policy setting,
ffline viewing. If you disable this policy or do not configure it, then users can determine the amount of content that is searched for new inf
cribed to, will be disabled. Users also cannot add content that is based on a channel, such as some of the Active Desktop items from Micros
ffline content. The Make Available Offline check box will be dimmed in the Add Favorite dialog box. If you disable this policy or do not confi
and other settings for downloading Web content. If you disable this policy or do not configure it, channel providers can record information
annel Bar check box on the Web tab in the Display Properties dialog box. If you disable this policy or do not configure it, users can view an
b in the Web page Properties dialog box are dimmed. To display this tab, users click the Tools menu, click Synchronize, select a Web page, c
of pages that have been set up for offline viewing. If users click the Tools menu, click Synchronize, select a Web page, and then click the Pro
ou disable this policy or do not configure it, users can disable the synchronization of channels. This policy is intended to help administrator
box in the Organize Favorites Favorite dialog box and the Make This Page Available Offline check box will be selected but dimmed. To displa
e properties are cleared and users cannot select them. To display this tab, users click the Tools menu, click Synchronize, select a Web page,
sers have subscribed to. However, synchronization with the Web pages will still occur to determine if any content has been updated since t
olicy setting, the user cannot specify the download path for the code. You must specify the download path. If you disable or do not configu
configure this policy setting, the user can choose the default text size in Internet Explorer.
settings. When you set this policy, you do not need to set the "Disable changing Advanced page settings" policy (located in \User Configura
settings. When you set this policy, you do not need to set the "Disable changing Advanced page settings" policy (located in \User Configura
u do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface: "Disab
u do not need to set the following policies for the Content tab, because this policy removes the Connections tab from the interface: "Disab

ese settings. When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Admi
ese settings. When you set this policy, you do not need to set the following Internet Explorer policies (located in \User Configuration\Admi

y, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface: "D
y, you do not need to set the following policies for the Programs tab, because this policy removes the Programs tab from the interface: "D
these settings. When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the Se
these settings. When you set this policy, you do not need to set the following Internet Explorer policies, because this policy removes the Se
rver names should be sent: 0) Unicode domain names are never converted to IDN format. 1) Unicode domain names are converted to IDN
rver names should be sent: 0) Unicode domain names are never converted to IDN format. 1) Unicode domain names are converted to IDN
query strings. 1) Only encode query strings for URLs that aren't in the Intranet zone. 2) Only encode query strings for URLs that are in the I
query strings. 1) Only encode query strings for URLs that aren't in the Intranet zone. 2) Only encode query strings for URLs that are in the I
encoded through the user's code page. This behavior matches the behavior of Internet Explorer 6 and earlier. The user can change this beh
encoded through the user's code page. This behavior matches the behavior of Internet Explorer 6 and earlier. The user can change this beh
isable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
isable or do not configure this policy setting, the user can choose to ignore certificate errors and continue browsing.
net Explorer does not allow sending the path portion of URLs as UTF-8. The user cannot change this policy setting. If you disable this policy
cy setting, the user can specify the background color in Internet Explorer.
pecify the text color in Internet Explorer.
nfigure this policy setting, the user can turn on or turn off Windows colors for display.
nt, this policy setting allows you to specify the URL to update the browser security setting. If you enable this policy setting, the user canno
ore. The user cannot prevent the wizard from starting. If you disable this policy setting, the Internet Connection Wizard does not start auto
ure this policy setting, Internet Explorer won't log ActiveX control information. Note that you can turn this policy setting on or off regardles
ure this policy setting, Internet Explorer won't log ActiveX control information. Note that you can turn this policy setting on or off regardles
omatic download breaks the out-of-date ActiveX control blocking feature by not letting the version list update with newly outdated contro
utdated ActiveX control. If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning mess
utdated ActiveX control. If you disable or don't configure this policy setting, users will see the "Run this time" button on the warning mess
won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: 1. "domain.name.TLD". For example
won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following: 1. "domain.name.TLD". For example
tting, Internet Explorer continues to block specific outdated ActiveX controls. For more information, see "Outdated ActiveX Controls" in the
tting, Internet Explorer continues to block specific outdated ActiveX controls. For more information, see "Outdated ActiveX Controls" in the
is list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons n
is list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons n
browser or web pages. By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. H
browser or web pages. By default, the 'Add-on List' policy setting defines a list of add-ons to be allowed or denied through Group Policy. H
user preferences and policy settings. If you enable this policy setting, all processes will respect add-on management user preferences and p
user preferences and policy settings. If you enable this policy setting, all processes will respect add-on management user preferences and p
s you to extend support for these user preferences and policy settings to specific processes listed in the process list. If you enable this poli
s you to extend support for these user preferences and policy settings to specific processes listed in the process list. If you enable this poli
c functionality or behavior on a page.) If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Scrip
c functionality or behavior on a page.) If you enable this policy setting, this sets the list of behaviors permitted in each zone for which Scrip
f you enable this policy setting, Internet Explorer 9 installs binaries signed by MD2 and MD4 signing technologies. If you disable or do not
f you enable this policy setting, Internet Explorer 9 installs binaries signed by MD2 and MD4 signing technologies. If you disable or do not
behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked. If you disable or do not configure th
behaviors are prevented for all processes. Any use of binary behaviors for HTML rendering is blocked. If you disable or do not configure th
behaviors are prevented for the File Explorer and Internet Explorer processes. If you disable this policy setting, binary behaviors are allow
behaviors are prevented for the File Explorer and Internet Explorer processes. If you disable this policy setting, binary behaviors are allow
rs to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a V
rs to define applications for which they want this security feature to be prevented or allowed. If you enable this policy setting and enter a V
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
he MIME type of a file is text/plain but the MIME sniff indicates that the file is really an executable file, Internet Explorer renames the file b
t Explorer Processes, for which the Notification bar is displayed by default). If you enable this policy setting, the Notification bar will be dis
t Explorer Processes, for which the Notification bar is displayed by default). If you enable this policy setting, the Notification bar will be dis
ternet Explorer Processes. If you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes. If you
ternet Explorer Processes. If you disable this policy setting, the Notification bar will not be displayed for Internet Explorer processes. If you
Notification bar is displayed by default). If you enable this policy setting and enter a Value of 1, the Notification bar is displayed. If you ente
Notification bar is displayed by default). If you enable this policy setting and enter a Value of 1, the Notification bar is displayed. If you ente
ecurity applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector
ecurity applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack vector
ecurity applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine z
ecurity applies to all local files and content processed by Internet Explorer. This feature helps to mitigate attacks where the Local Machine z
zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack v
zone security applies to all local files and content. This feature helps to mitigate attacks where the Local Machine zone is used as an attack v
niffing Safety Feature is disabled for all processes.
niffing Safety Feature is disabled for all processes.
xplorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type. If you do not configure this policy setti
xplorer processes will allow a MIME sniff promoting a file of one type to a more dangerous file type. If you do not configure this policy setti
etting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file typ
etting and enter a Value of 1, this protection will be in effect. If you enter a Value of 0, any file may be promoted to more dangerous file typ
ure this policy setting, the MK Protocol is enabled.
ure this policy setting, the MK Protocol is enabled.
fail. If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File
fail. If you disable this policy setting, applications can use the MK protocol API. Resources hosted on the MK protocol will work for the File
his policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If
his policy setting and enter a Value of 1, use of the MK protocol is prevented. If you enter a Value of 0, use of the MK protocol is allowed. If
t obtained through restricted protocols is allowed for all processes other than File Explorer or Internet Explorer. If you disable this policy se
t obtained through restricted protocols is allowed for all processes other than File Explorer or Internet Explorer. If you disable this policy se
restricting content obtained through restricted protocols is allowed for File Explorer and Internet Explorer processes. For example, you can
restricting content obtained through restricted protocols is allowed for File Explorer and Internet Explorer processes. For example, you can
applications for which they want restricting content obtained through restricted protocols to be prevented or allowed. If you enable this p
applications for which they want restricting content obtained through restricted protocols to be prevented or allowed. If you enable this p
figure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites.
figure this policy setting, object reference is retained when navigating within or across domains in the Restricted Zone sites.
ble this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes. If you do
ble this policy setting, an object reference is retained when navigating within or across domains for Internet Explorer processes. If you do
tting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still ac
tting and enter a Value of 1, references to objects are inaccessible after navigation. If you enter a Value of 0, references to objects are still ac
e, making the Local Machine security zone a prime target for malicious users. If you enable this policy setting, any zone can be protected fr
e, making the Local Machine security zone a prime target for malicious users. If you enable this policy setting, any zone can be protected fr
Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security context.
Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security con
Local Machine security zone a prime target for malicious users. Zone Elevation also disables JavaScript navigation if there is no security con
e this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.
e this policy setting, the Web Browser Control will not block automatic prompting of ActiveX control installation for all processes.
s will not be blocked for Internet Explorer processes. If you do not configure this policy setting, the user's preference will be used to determ
s will not be blocked for Internet Explorer processes. If you do not configure this policy setting, the user's preference will be used to determ
tiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the
tiveX control installation is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the
ou disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for a
ou disable this policy setting, the Web Browser Control will not block automatic prompting of file downloads that are not user initiated for a
user initiated for Internet Explorer processes. If you do not configure this policy setting, the user's preference determines whether to prom
user initiated for Internet Explorer processes. If you do not configure this policy setting, the user's preference determines whether to prom
prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value
prompting of non-initiated file downloads is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value
ows' title and status bars. If you enable this policy setting, scripted windows are restricted for all processes. If you disable or do not config
ows' title and status bars. If you enable this policy setting, scripted windows are restricted for all processes. If you disable or do not config
ows' title and status bars. If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explo
ows' title and status bars. If you enable this policy setting, popup windows and other restrictions apply for File Explorer and Internet Explo
ows' title and status bars. This policy setting allows administrators to define applications for which they want this security feature to be pr
ows' title and status bars. This policy setting allows administrators to define applications for which they want this security feature to be pr
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
re, and applies to all processes which have opted in to the security restriction. If you enable this policy setting for a zone, this sets the list o
ndows Error Reporting continue to apply. If you disable or do not configure this policy setting, the crash detection feature for add-on mana
ndows Error Reporting continue to apply. If you disable or do not configure this policy setting, the crash detection feature for add-on mana
he Address bar. In addition, users won't be able to change the Suggestions setting on the Settings charm. If you disable this policy setting, u
he Address bar. In addition, users won't be able to change the Suggestions setting on the Settings charm. If you disable this policy setting, u
over his or her data after a program stops responding.
over his or her data after a program stops responding.
eopen Last Browsing Session feature.
eopen Last Browsing Session feature.
he Add-On Manager will be available to the user.
he Add-On Manager will be available to the user.
an add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (foun
an add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (foun
rnet Explorer by default, and the user cannot turn it on. If you do not configure this policy setting, the menu bar is turned off by default. Th
rnet Explorer by default, and the user cannot turn it on. If you do not configure this policy setting, the menu bar is turned off by default. Th
n off the Favorites bar.
n off the Favorites bar.
matic proxy scripts can be stored in the users' cache.
e this policy or do not configure it, users could install customizations from another party-for example, when signing up for Internet service
ble this policy or do not configure it, users can select or clear settings on the Advanced tab. If you set the "Disable the Advanced page" pol
this policy setting, Internet Explorer sends the current Internet Explorer version in the User Agent header (for example, "MSIE 7.0").
this policy setting, Internet Explorer sends the current Internet Explorer version in the User Agent header (for example, "MSIE 7.0").
c Detection. If you disable this policy or do not configure it, dial-up settings will not be configured by Automatic Detection, unless specified
: When this policy setting is enabled, the "Fix settings" command on the Notification bar shortcut menu should be disabled.
: When this policy setting is enabled, the "Fix settings" command on the Notification bar shortcut menu should be disabled.
ode the phishing filter uses: manual, automatic, or off. If you select manual mode, the phishing filter performs only local analysis, and the
ode the phishing filter uses: manual, automatic, or off. If you select manual mode, the phishing filter performs only local analysis, and the
artScreen Filter. You must specify which mode the SmartScreen Filter uses: on, or off.All website addresses that are not on the filter's allow
artScreen Filter. You must specify which mode the SmartScreen Filter uses: on, or off.All website addresses that are not on the filter's allow
SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the us
SmartScreen Filter. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the us
If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user
If you enable this policy setting, SmartScreen Filter warnings block the user. If you disable or do not configure this policy setting, the user
f you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
f you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.

email and newsgroups. The menu bar contains menus that open lists of commands. The commands include options for printing, customizi
cify the filter level by importing Privacy settings from your computer under Internet Explorer Maintenance. If you disable or do not configu
cify the filter level by importing Privacy settings from your computer under Internet Explorer Maintenance. If you disable or do not configu
ayed when problems occur with proxy scripts.
ogging. If you disable this policy setting, the user cannot log information that is blocked by new Internet Explorer features. The user canno
ogging. If you disable this policy setting, the user cannot log information that is blocked by new Internet Explorer features. The user canno
g a selection of search tools, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains men
g a selection of search tools, viewing a history of visited pages, printing, and accessing email and newsgroups. The menu bar contains men
ttings from a file allows the user to import favorites, feeds and cookies from a file. Exporting settings to a file allows the user to export favori
ttings from a file allows the user to import favorites, feeds and cookies from a file. Exporting settings to a file allows the user to export favori
ot configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.
ot configure this policy setting, browser geolocation support can be turned on or off in Internet Options on the Privacy tab.
objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setti
objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setti
applications that host MSHTML respond to user input that causes the content to be re-rendered at a scaled size.
applications that host MSHTML respond to user input that causes the content to be re-rendered at a scaled size.
y, users will not be able to create new identities, manage existing identities, or switch identities. The Switch Identity option will be removed
er upgrades to Internet Explorer 9. In Internet Explorer 9, add-ons are defined as toolbars, Browser Helper Objects, or Explorer bars. Activ
er upgrades to Internet Explorer 9. In Internet Explorer 9, add-ons are defined as toolbars, Browser Helper Objects, or Explorer bars. Activ
The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-o
The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-o
er cannot turn off ActiveX Filtering, although they may add per-site exceptions. If you disable or do not configure this policy setting, ActiveX
er cannot turn off ActiveX Filtering, although they may add per-site exceptions. If you disable or do not configure this policy setting, ActiveX
ers click on a link within Internet Explorer, the content will be played by the default media client on their system. If you enable the Media E
e Delete Browsing History dialog box. Starting with Windows 8, users cannot click the Delete Browsing History button on the Settings charm
e Delete Browsing History dialog box. Starting with Windows 8, users cannot click the Delete Browsing History button on the Settings charm
not configure this policy setting, the user can choose whether to delete or preserve form data when he or she clicks Delete. If the "Preven
not configure this policy setting, the user can choose whether to delete or preserve form data when he or she clicks Delete. If the "Preven
do not configure this policy setting, the user can choose whether to delete or preserve passwords when he or she clicks Delete. If the "Pre
do not configure this policy setting, the user can choose whether to delete or preserve passwords when he or she clicks Delete. If the "Pre
configure this policy setting, the user can choose whether to delete or preserve cookies when he or she clicks Delete. If the "Prevent acce
configure this policy setting, the user can choose whether to delete or preserve cookies when he or she clicks Delete. If the "Prevent acce
tting, websites that the user has visited are deleted when he or she clicks Delete. If you do not configure this policy setting, the user can c
tting, websites that the user has visited are deleted when he or she clicks Delete. If you do not configure this policy setting, the user can c
the user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve download history whe
the user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve download history whe
deleted when the user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve tempora
deleted when the user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve tempora
n the Delete Browsing History dialog box. If you enable this policy setting, InPrivate Filtering data is preserved when the user clicks Delete.
n the Delete Browsing History dialog box. If you enable this policy setting, InPrivate Filtering data is preserved when the user clicks Delete.
lected if users turn on the Personalized Tracking Protection List, which blocks third-party items while the user is browsing. With at least Int
lected if users turn on the Personalized Tracking Protection List, which blocks third-party items while the user is browsing. With at least Int
clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve favorites site data when he or
clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve favorites site data when he or
ou enable this policy setting, deleting browsing history on exit is turned on. If you disable this policy setting, deleting browsing history on e
ou enable this policy setting, deleting browsing history on exit is turned on. If you disable this policy setting, deleting browsing history on e
page. • Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. Starting with Windows 8, the "Welcom
page. • Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage. Starting with Windows 8, the "Welcom
d from the Settings charm (starting with Internet Explorer 10 on Windows 8). If you disable or do not configure this policy setting, the Inte
d from the Settings charm (starting with Internet Explorer 10 on Windows 8). If you disable or do not configure this policy setting, the Inte
onfigure this policy setting, the Search box appears by default in the Internet Explorer frame. Note: If you enable this policy setting, Interne
onfigure this policy setting, the Search box appears by default in the Internet Explorer frame. Note: If you enable this policy setting, Interne
d search providers that offer suggestions.
d search providers that offer suggestions.
hen a user clicks in the Search box, the quick pick menu appears.
hen a user clicks in the Search box, the quick pick menu appears.
nd install a component when visiting a Web site that uses that component. This policy is intended to help the administrator control which
rocesses; and high allows the tab process to grow very quickly and is intended only for computers that have ample physical memory. The d
rocesses; and high allows the tab process to grow very quickly and is intended only for computers that have ample physical memory. The d
ay UI during shutdown. If you disable or do not configure this policy setting, OnUnLoad script handlers do not display UI during shutdown
ay UI during shutdown. If you disable or do not configure this policy setting, OnUnLoad script handlers do not display UI during shutdown
ou disable or do not configure this policy setting, the user can select his or her preference for this behavior.
ou disable or do not configure this policy setting, the user can select his or her preference for this behavior.
b Grouping.

d when users start their browsers.


ternet Explorer, and the user cannot turn them on. If you disable this policy setting, tabbed browsing and related entry points appear on t
ternet Explorer, and the user cannot turn them on. If you disable this policy setting, tabbed browsing and related entry points appear on t
er decide. 1: Force pop-up windows to open in new windows. 2: Force pop-up windows to open on new tabs. If you disable or do not con
er decide. 1: Force pop-up windows to open in new windows. 2: Force pop-up windows to open on new tabs. If you disable or do not con
figure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available. This policy is intended to he
e of the following: • Open in an existing Internet Explorer window. If tabbed browsing is enabled, a new tab is created in this scenario. • O
e of the following: • Open in an existing Internet Explorer window. If tabbed browsing is enabled, a new tab is created in this scenario. • O
sable the blocking of attachments in options. If the block attachments setting is not checked, the user can specify to enable or disable the
gs. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso
gs. Only the domain name is allowed, so www.contoso.com is valid, but not http://www.contoso.com. Wildcards are allowed, so *.contoso
ors on Web pages. If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Com
be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Mainten
be able to do automatic configuration. You can import your current connection settings from your machine using Internet Explorer Mainten
tab and then click the Settings button in the Internet Options dialog box. If you disable this policy or do not configure it, users can change
If you disable this policy or do not configure it, users can determine which programs to use for managing schedules and contacts, if progra
nfigure it, users can import new certificates, remove approved publishers, and change settings for certificates that have already been accep
r do not configure it, users can determine whether Internet Explorer will check to see if it is the default browser. When Internet Explorer pe
ot be notified if Internet Explorer is not the default web browser. Users cannot change the setting. If you do not configure this policy settin
log box. If you disable this policy or do not configure it, users can change the default background and text color of Web pages. If you set t
ctions page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Pa
ctions page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Pa
ing Start, pointing to Programs, pointing to Accessories, pointing to Communications, and then clicking Internet Connection Wizard. If you
figure it, users can change the default fonts for viewing Web pages. If you set the "Disable the General page" policy (located in \User Config
t. If you do not configure this setting, the user has the freedom to turn on the auto-complete feature for forms. To display this option, the
. You have to decide whether to select "prompt me to save passwords". If you disable this setting the user cannot change "User name and
y. If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List.
y. If you enable this policy setting, a user cannot set the number of days that Internet Explorer tracks views of the pages in the History List.
hine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies. If yo
secondary home pages. The user cannot set custom default secondary home pages. If you disable or do not configure this policy setting, t
secondary home pages. The user cannot set custom default secondary home pages. If you disable or do not configure this policy setting, t
u disable this policy or do not configure it, users can change the language preference settings for viewing Web sites for languages in which
If you disable this policy or do not configure it, users can change the default color of links on Web pages. If you set the "Disable the Gene
disable this policy or do not configure it, users can determine which programs to use for sending mail, viewing newsgroups, and placing Int
he exception list. Note: You can allow a default list of sites that can open pop-up windows regardless of the Internet Explorer process's Pop
he exception list. Note: You can allow a default list of sites that can open pop-up windows regardless of the Internet Explorer process's Pop
ppear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen
ppear. Pop-up windows will continue to function as they did in Windows XP Service Pack 1 or earlier, although windows launched off screen
as their street and e-mail addresses. The "Disable the Content page" policy (located in \User Configuration\Administrative Templates\Wind

their ratings settings. The "Disable the Ratings page" policy (located in \User Configuration\Administrative Templates\Windows Compone
earch pages. The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Inte
files and cookies. If you disable or do not configure this policy setting, users will be able to delete temporary Internet files and cookies.
files and cookies. If you disable or do not configure this policy setting, users will be able to delete temporary Internet files and cookies.
e this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-add
e this policy setting, user will be suggested matches when entering Web addresses. The user cannot change the auto-complete for web-add
the browser Address bar. If you enable this policy setting, Internet Explorer does not use Windows Search AutoComplete for providing rele
the browser Address bar. If you enable this policy setting, Internet Explorer does not use Windows Search AutoComplete for providing rele
uggestions will be turned off. Users will not be able to turn on URL Suggestions. If you disable this policy setting, URL Suggestions will be tu
uggestions will be turned off. Users will not be able to turn on URL Suggestions. If you disable this policy setting, URL Suggestions will be tu
that informs the user that this feature has been disabled. If you disable this policy or do not configure it, users can press F3 to search the I
disable this policy or do not configure it, users can change their settings for the Search Assistant. This policy is designed to help administra
the same computer can establish their own security zone settings. This policy is intended to ensure that security zone settings apply unifo
ure it, users can change the settings for security zones. This policy prevents users from changing security zone settings established by the a
alog box, click the Security tab, and then click the Sites button.) If you disable this policy or do not configure it, users can add Web sites to o
his policy, users will not be notified if their programs are updated using Software Distribution Channels. If you disable this policy or do not
ed from third-party toolbars or in Setup, but the user can also add them from a search provider's website. If you enable this policy setting,
ed from third-party toolbars or in Setup, but the user can also add them from a search provider's website. If you enable this policy setting,
he user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu. If you do not confi
he user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu. If you do not confi
he tabs in the background by pressing Ctrl+Shift+Select or open the tabs in the foreground by pressing Ctrl+Shift+Select. If you disable or d
he tabs in the background by pressing Ctrl+Shift+Select or open the tabs in the foreground by pressing Ctrl+Shift+Select. If you disable or d
This policy is intended to ensure that proxy settings apply uniformly to the same computer and do not vary from user to user.
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr
llow the control to run from the current site or from all sites. If you disable this policy setting, the user does not see the per-site ActiveX pr

Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
this policy setting, the XSS Filter is turned off for sites in this zone, and Internet Explorer permits cross-site script injections.
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a w
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a w
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a w
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a w
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
rop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disab
rop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disab
work Protocol Lockdown policy. If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on
work Protocol Lockdown policy. If you enable this policy setting, no Trusted Sites Zone content accessed is affected, even for protocols on
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ar
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ar
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
p windows are not prevented from appearing. If you do not configure this policy setting, most unwanted pop-up windows are prevented f
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files are
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, users
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
rop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disab
rop-down box, users are queried whether to allow additional windows and frames to access applications from other domains. If you disab
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ar
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ar
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the
setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the
ou enable this policy setting, the certificate address mismatch warning always appears. If you disable or do not configure this policy setting
ou enable this policy setting, the certificate address mismatch warning always appears. If you disable or do not configure this policy setting
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
the standard template defaults. If you disable this template policy setting, no security level is configured. If you do not configure this temp
cessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting, users choose whethe
cessarily mapped into the Intranet Zone (other rules might map one there). If you do not configure this policy setting, users choose whethe
les might map one there). If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zo
les might map one there). If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zo
associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings
associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings
his policy setting, automatic detection of the intranet is turned off, and intranet mapping rules are applied however they are configured. If
his policy setting, automatic detection of the intranet is turned off, and intranet mapping rules are applied however they are configured. If
on appears whenever the user browses to a page that loads content from an intranet site. If you disable this policy setting, a Notification ba
on appears whenever the user browses to a page that loads content from an intranet site. If you disable this policy setting, a Notification ba
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
tocol Lockdown policy. If you enable this policy setting, no Intranet Zone content accessed is affected, even for protocols on the restricted
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a w
ded layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a w
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
new Internet Explorer windows that have no status bar or Address bar. If you do not configure this policy setting, the user can choose whe
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable
yer. Also, as of Internet Explorer 8, this policy setting controls HTML+TIME media elements that refer to audio and video files. If you enable

nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
nable this policy setting, the first-run prompt is turned off in the corresponding zone. If you disable this policy setting, the first-run prompt
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
part of the path. If you enable this policy setting, path information is sent when the user is uploading a file via an HTML form. If you disab
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
nt. If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious conte
etting, the user can enable or disable the Notification bar behavior.
etting, the user can enable or disable the Notification bar behavior.

annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
annot turn off Protected Mode. If you disable this policy setting, Protected Mode is turned off. The user cannot turn on Protected Mode. I
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
e, these files open without a security warning. If you set the drop-down box to Prompt, a security warning appears before the files open. If
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
enable this policy setting and set the drop-down box to Enable, XBAPs are automatically loaded inside Internet Explorer. The user cannot ch
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
policy setting, the user can enable or disable script access to the WebBrowser control. By default, script access to the WebBrowser control
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
om multiple developer tools. It includes the new managed code APIs for Windows. If you enable this policy setting, .NET Framework Setup
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
policy setting and set the drop-down box to Enable, XAML files are automatically loaded inside Internet Explorer. The user cannot change
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
de Internet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XPS fi
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
n. If you disable this policy setting, script code on pages in the zone is prevented from running. If you do not configure this policy setting,
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
Meta Refresh setting can be redirected to another Web page. If you disable this policy setting, a user's browser that loads a page containin
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
erform clipboard operations. If you disable this policy setting, a script cannot perform a clipboard operation. If you do not configure this p
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
own box, only behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available. If you disa
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
p windows are not prevented from appearing. If you do not configure this policy setting, pop-up windows are not prevented from appeari
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
t receive a security information message (This page contains both secure and nonsecure items. Do you want to display the nonsecure item
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
ed by publishers who aren't trusted. Code signed by trusted publishers is silently downloaded. If you disable the policy setting, signed con
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
mpt in the drop-down box, users are queried to choose whether to allow the unsigned control to run. If you disable this policy setting, user
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
ther to drag or copy files from this zone. If you disable this policy setting, users are prevented from dragging files or copying and pasting fi
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
s policy setting, users can choose whether or not to render filters in this zone. Users can change this setting on the Security tab of the Inter
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
u disable this policy setting, files are prevented from being downloaded from the zone. If you do not configure this policy setting, files can
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
download. If you disable this policy setting, HTML fonts are prevented from downloading. If you do not configure this policy setting, HTML
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
ether to install desktop items from this zone. If you disable this policy setting, users are prevented from installing desktop items from this zo
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
eir sandbox (an area in memory outside of which the program cannot make calls), plus capabilities like scratch space (a safe and secure stor
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
tervention. If you select Prompt in the drop-down box, users are queried to choose whether to run applications and download files from IF
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
ame and password to query users for user IDs and passwords. After a user is queried, these values can be used silently for the remainder o
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
one. The security zone will run without the added layer of security provided by this feature. If you disable this policy setting, the actions th
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
tion are in the same window. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conten
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
ation are in different windows. Users cannot change this setting. If you enable this policy setting and click Disable, users cannot drag conte
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
box, users are queried whether to allow windows and frames to access applications from other domains. If you disable this policy setting, u
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
ficate or only one certificate. If you disable this policy setting, Internet Explorer prompts users with a "Client Authentication" message whe
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
e blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt. If you do not configure this
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar inst
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
the controls or plug-in to run. If you disable this policy setting, controls and plug-ins are prevented from running. If you do not configure t
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
o allow script interaction. If you disable this policy setting, script interaction is prevented from occurring. If you do not configure this policy
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
ol. If you disable this policy setting, Internet Explorer always checks with your antimalware program to see if it's safe to create an instance
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
nes. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scri
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
applets. If you disable this policy setting, scripts are prevented from accessing applets. If you do not configure this policy setting, scripts ca
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
y setting, Internet Explorer will execute signed managed components. If you select Prompt in the drop-down box, Internet Explorer will pro
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
mputers, and software packages to be automatically installed on users' computers. Medium safety to allow users to be notified of software
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
on pages in this zone can be submitted automatically. If you select Prompt in the drop-down box, users are queried to choose whether to
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web pag
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
feature. If you disable this policy setting, the possible harmful actions contained in script-initiated pop-up windows and windows that incl
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
d layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a wa
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
VBScript to run. If you selected Disable in the drop-down box, VBScript is prevented from running. If you do not configure or disable this p
s policy setting, the user can specify the hover color.
r of links not yet clicked in Internet Explorer. You must specify the link color (for example: 192,192,192). If you disable or do not configure t
r of links already clicked in Internet Explorer. You must specify the link color (for example: 192,192,192). If you disable or do not configure
gure this policy setting, the user can turn on or turn off the hover color option.
p right corner of the program will not work; if users click the Close button, they will be informed that the command is not available.
edence over the "File Menu: Disable Save As Web Page Complete" policy, which prevents users from saving the entire contents that are dis
d from the Save as Type box in the Save Web Page dialog box. Users can still save Web pages as hypertext markup language (HTML) files or
s will be informed that the command is not available. If you disable this policy or do not configure it, users can open a new browser window
sable this policy or do not configure it, users can open a Web page from the browser File menu. Caution: This policy does not prevent user
bout Microsoft products.
e Users command on the Help menu. Caution: Enabling this policy does not remove the tips for Netscape users from the Microsoft Interne
ottom of the browser.

ht-clicks a webpage. If you disable or do not configure this policy setting, users can use the shortcut menu.
rites command on the shortcut menu is disabled; when users click it, they are informed that the command is unavailable. If you disable thi
window by using the shortcut menu. This policy can be used in coordination with the "File menu: Disable New menu option" policy, which
will be informed that the command is not available. If you disable this policy or do not configure it, users can download programs from the
enu in Internet Explorer will not be available. Starting with Windows 8, the Print flyout for Internet Explorer will not be available, and users
enu in Internet Explorer will not be available. Starting with Windows 8, the Print flyout for Internet Explorer will not be available, and users
the Internet Options command on the Tools menu, they are informed that the command is unavailable. If you disable this policy or do no
te problems dialog box. If you disable or do not configure this policy setting, the menu options will be available.
te problems dialog box. If you disable or do not configure this policy setting, the menu options will be available.
ers can display the browser in a full screen. This policy is intended to prevent users from displaying the browser without toolbars, which m
m the browser View menu. Caution: This policy does not prevent users from viewing the HTML source of a Web page by right-clicking a We
turned on. The user cannot change this setting. If you do not configure this policy setting, the user can turn on or off automatic image resi
r. The user cannot turn on image display. However, the user can still display an individual image by right-clicking the icon that represents the
ay these files. If you do not configure this policy setting, the user can change the "Enable alternative codecs in HTML5 media elements" se
ay these files. If you do not configure this policy setting, the user can change the "Enable alternative codecs in HTML5 media elements" se
able this policy setting, placeholders appear for graphical images while the images are downloading. The user cannot change this policy se
r cannot turn it off. If you do not configure this policy setting, the user can turn on or turn off smart image dithering.
t, you cannot set this limit. Note: This setting does not appear in the user interface.
you cannot set this limit. Note: This setting does not appear in the user interface.
ou cannot set this limit. Note: This setting does not appear in the user interface.
annot set this limit. Note: This setting does not appear in the user interface.
, you cannot set this limit. Note: This setting does not appear in the user interface.
e this policy setting, the printing of background colors and images is turned on. The user cannot turn it off. If you disable this policy setting
Slices in the background.
Slices in the background.
setting through the Feed APIs. If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an
setting through the Feed APIs. If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an
or delete a feed or Web Slice by using the Feed APIs. A developer also cannot create or delete folders. If you disable or do not configure th
or delete a feed or Web Slice by using the Feed APIs. A developer also cannot create or delete folders. If you disable or do not configure th
onfigure this policy setting, the user receives a notification when a feed or Web Slice is available and can click the feed discovery button.
onfigure this policy setting, the user receives a notification when a feed or Web Slice is available and can click the feed discovery button.
access the feed list in the Favorites Center.
access the feed list in the Favorites Center.
s secure HTTP connection. If you disable or do not configure this policy setting, the Windows RSS Platform does not authenticate feeds to s
s secure HTTP connection. If you disable or do not configure this policy setting, the Windows RSS Platform does not authenticate feeds to s
rms a Clipboard operation. This means that if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable t
rms a Clipboard operation. This means that if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable t
is running in the Internet Explorer process performs a Clipboard operation. In the Internet Explorer process, if the zone behavior is current
is running in the Internet Explorer process performs a Clipboard operation. In the Internet Explorer process, if the zone behavior is current
n the Internet Explorer process" policy. If the "Bypass prompting for Clipboard access for scripts running in any process" policy setting is en
n the Internet Explorer process" policy. If the "Bypass prompting for Clipboard access for scripts running in any process" policy setting is en
nnot use the Address bar for searches. The user can still perform searches on the Search bar by clicking the Search button. • Display the re
nnot use the Address bar for searches. The user can still perform searches on the Search bar by clicking the Search button. • Display the re
displayed in the main window. • Enable top result search: When a user performs a search in the Address bar, the user is directed to an ext
displayed in the main window. • Enable top result search: When a user performs a search in the Address bar, the user is directed to an ext
policy setting, the user can choose to run natively implemented, scriptable XMLHTTP.
policy setting, the user can choose to run natively implemented, scriptable XMLHTTP.
ed data. If you enable this policy setting, Data URI support is turned off. Without Data URI support, a Data URI will be interpreted as a faile
ed data. If you enable this policy setting, Data URI support is turned off. Without Data URI support, a Data URI will be interpreted as a faile
SetProcessDEPPolicy function. If you disable or do not configure this policy setting, Internet Explorer uses the SetProcessDEPPolicy functio
ends). If you enable this policy setting, the reveal password button will be hidden for all password fields. Users and developers will not be
ends). If you enable this policy setting, the reveal password button will be hidden for all password fields. Users and developers will not be
y setting, Internet Explorer uses the default connection limit for HTTP 1.1 (6 connections per host). In versions of Internet Explorer before
y setting, Internet Explorer uses the default connection limit for HTTP 1.1 (6 connections per host). In versions of Internet Explorer before
versions of Internet Explorer prior to Internet Explorer 8, the default connection limit for HTTP 1.0 was 4.
versions of Internet Explorer prior to Internet Explorer 8, the default connection limit for HTTP 1.0 was 4.
uments can request data across third-party domains embedded in the page.
uments can request data across third-party domains embedded in the page.
ting cross-domain data through a server. If you enable this policy setting, websites cannot request data across domains by using the XDom
ting cross-domain data through a server. If you enable this policy setting, websites cannot request data across domains by using the XDom
s in Internet Explorer 10. Also, this policy setting does not prevent a site from requesting cross-domain data through a server. If you enable
s in Internet Explorer 10. Also, this policy setting does not prevent a site from requesting cross-domain data through a server. If you enable
not configure this policy setting, Internet Explorer uses the default limit of 6 WebSocket connections per server.
not configure this policy setting, Internet Explorer uses the default limit of 6 WebSocket connections per server.
mplete the signup process after the branding is complete for ISPs (IEAK). The user cannot change this behavior. If you disable this policy se
pecific toolbars or Browser Helper Objects that are enabled or disabled via policy settings do not undergo this check. If you enable this pol
pecific toolbars or Browser Helper Objects that are enabled or disabled via policy settings do not undergo this check. If you enable this pol

ot configure it, users can determine which toolbars are displayed in File Explorer and Internet Explorer. This policy can be used in coordina
er the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer. If you enable this policy, the
bar will be displayed with its default settings, unless users customize it.
ng, the Command bar is shown by default, and the user can choose to hide it.
ng, the Command bar is shown by default, and the user can choose to hide it.
bar is shown by default, and the user can choose to hide it.
bar is shown by default, and the user can choose to hide it.
he toolbars are locked by default, but the user can unlock them through the shortcut menu of the Command bar.
he toolbars are locked by default, but the user can unlock them through the shortcut menu of the Command bar.
ns are next to the Address bar, and the user cannot move them. If you do not configure this policy setting, the Stop and Refresh buttons ar
ns are next to the Address bar, and the user cannot move them. If you do not configure this policy setting, the Stop and Refresh buttons ar
ge how command buttons are displayed: Show all text labels: All command buttons have only text. Show selective text: Some command b
ge how command buttons are displayed: Show all text labels: All command buttons have only text. Show selective text: Some command b
t be made bigger (20 x 20 pixels). If you do not configure this policy setting, icons for command buttons are 16 x 16 pixels, and the user can
t be made bigger (20 x 20 pixels). If you do not configure this policy setting, icons for command buttons are 16 x 16 pixels, and the user can

cify the update check interval.


disable or do not configure this policy setting, the user can change the URL that is displayed for checking updates to Internet Explorer and
oval. If you enable this policy setting, the ActiveX Opt-In prompt does not appear. Internet Explorer does not ask the user for permission to
oval. If you enable this policy setting, the ActiveX Opt-In prompt does not appear. Internet Explorer does not ask the user for permission to

ActiveX controls, including per-user controls, are installed through the standard installation process.
ActiveX controls, including per-user controls, are installed through the standard installation process.
uggested Sites. The user’s browsing history is sent to Microsoft to produce suggestions. If you disable this policy setting, the entry points an
uggested Sites. The user’s browsing history is sent to Microsoft to produce suggestions. If you disable this policy setting, the entry points an
. If you disable this policy setting, InPrivate Browsing is available for use. If you do not configure this policy setting, InPrivate Browsing can
. If you disable this policy setting, InPrivate Browsing is available for use. If you do not configure this policy setting, InPrivate Browsing can
s. If you enable this policy setting, toolbars and BHOs are not loaded by default during an InPrivate Browsing session. If you disable this po
s. If you enable this policy setting, toolbars and BHOs are not loaded by default during an InPrivate Browsing session. If you disable this po
e this policy setting, InPrivate Filtering data collection is turned off. If you disable this policy setting, InPrivate Filtering collection is turned
e this policy setting, InPrivate Filtering data collection is turned off. If you disable this policy setting, InPrivate Filtering collection is turned
tails about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30
tails about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 30
es that users have visited. If you enable this policy setting, InPrivate Filtering is turned off in all browsing sessions, and InPrivate Filtering d
es that users have visited. If you enable this policy setting, InPrivate Filtering is turned off in all browsing sessions, and InPrivate Filtering d
details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 3
details about a user's browsing. However, doing so may cause compatibility issues on some websites. The allowed value range is 3 through 3
ebsites that users have visited. If you enable this policy setting, Tracking Protection is disabled in all browsing sessions, and Tracking Protec
ebsites that users have visited. If you enable this policy setting, Tracking Protection is disabled in all browsing sessions, and Tracking Protec
and non-default Accelerators should not overlap. If you disable or do not configure this policy setting, the user has Accelerators that are pr
and non-default Accelerators should not overlap. If you disable or do not configure this policy setting, the user has Accelerators that are pr
non-default Accelerators should not overlap. If you disable or do not configure this policy setting, the user has Accelerators that are provid
non-default Accelerators should not overlap. If you disable or do not configure this policy setting, the user has Accelerators that are provid

nfigure this policy setting, the user can access any Accelerators that he or she has installed.
nfigure this policy setting, the user can access any Accelerators that he or she has installed.
nternet Explorer. If you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string a
nternet Explorer. If you enable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string a
do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.
do not configure this policy setting, the user can use the Compatibility View button and manage the Compatibility View sites list.
ntranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot chang
ntranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot chang
not configure this policy setting, the user can use the Compatibility View button.
not configure this policy setting, the user can use the Compatibility View button.
he user can add and remove sites from the list.
he user can add and remove sites from the list.
gent string (with an additional string appended). Additionally, webpages included in this list appear in Quirks Mode.
gent string (with an additional string appended). Additionally, webpages included in this list appear in Quirks Mode.
omatically displayed in Compatibility View. If you disable this policy setting, the Microsoft-provided website lists are not used. Additionally
omatically displayed in Compatibility View. If you disable this policy setting, the Microsoft-provided website lists are not used. Additionally

setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report lo
setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report lo
KLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE. If you dis
KLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE. If you dis
ude at least one site in the Enterprise Mode Site List. Enabling this setting automatically opens all sites not included in the Enterprise Mod
ude at least one site in the Enterprise Mode Site List. Enabling this setting automatically opens all sites not included in the Enterprise Mod
ng Microsoft Edge with Enterprise Mode. If you disable or don't configure this setting, the default app behavior occurs and no additional p
ng Microsoft Edge with Enterprise Mode. If you disable or don't configure this setting, the default app behavior occurs and no additional p
. If you disable or do not configure this policy setting, users can set default data storage limits for indexed databases and application cache
. If you disable or do not configure this policy setting, users can set default data storage limits for indexed databases and application cache
sable this policy setting, websites will not be able to store an indexed database on client computers. Allow website database and caches on
sable this policy setting, websites will not be able to store an indexed database on client computers. Allow website database and caches on
vidual domain, Internet Explorer sends an error to the website. No notification is sent to the user. This group policy sets the maximum data
vidual domain, Internet Explorer sends an error to the website. No notification is sent to the user. This group policy sets the maximum data
aved on their computer. The default maximum storage limit for all indexed databases is 4 GB. If you enable this policy setting, you can set
aved on their computer. The default maximum storage limit for all indexed databases is 4 GB. If you enable this policy setting, you can set
e this policy setting, websites will not be able to store application caches on client computers. Allow website database and caches on Webs
e this policy setting, websites will not be able to store application caches on client computers. Allow website database and caches on Webs
dual domain, Internet Explorer sends an error to the website. No notification will be displayed to the user. This group policy sets the maxim
dual domain, Internet Explorer sends an error to the website. No notification will be displayed to the user. This group policy sets the maxim
n their computer. The default maximum storage limit for all application caches is 1 GB. If you enable this policy setting, you can set the ma
n their computer. The default maximum storage limit for all application caches is 1 GB. If you enable this policy setting, you can set the ma
cy setting, Internet Explorer will remove application caches that haven't been used within the timeframe set in this policy setting. If you di
cy setting, Internet Explorer will remove application caches that haven't been used within the timeframe set in this policy setting. If you di
ends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource limit a
ends an error to the website. No notification will be displayed to the user. When you set this policy setting, you provide the resource limit a
en you set this policy setting, you provide the resource size limit, in MB. The default is 50 MB. If you enable this policy setting, Internet Exp
en you set this policy setting, you provide the resource size limit, in MB. The default is 50 MB. If you enable this policy setting, Internet Exp
ng, Internet Explorer starts a new browsing session with the tabs from the last browsing session. Users cannot change this option to start w
ng, Internet Explorer starts a new browsing session with the tabs from the last browsing session. Users cannot change this option to start w
can choose how Internet Explorer tiles are opened.
can choose how Internet Explorer tiles are opened.
e or do not configure this policy setting, users can choose how links are opened in Internet Explorer.
e or do not configure this policy setting, users can choose how links are opened in Internet Explorer.
ed off. If you do not configure this policy, users can turn on or turn off automatic updates from the About Internet Explorer dialog. Note: T
a will be written to the WMI class. Enabling or disabling this setting will not impact other output methods available for the SDTK.
a will be written to the WMI class. Enabling or disabling this setting will not impact other output methods available for the SDTK.
isabling this setting will not impact other output methods available for the SDTK.
isabling this setting will not impact other output methods available for the SDTK.
be included in site discovery. This policy can be used in conjunction with other policies controlling sites included in Site Discovery. To config
be included in site discovery. This policy can be used in conjunction with other policies controlling sites included in Site Discovery. To config
will be included in site discovery. This policy can be used in conjunction with other policies controlling sites included in Site Discovery. To
will be included in site discovery. This policy can be used in conjunction with other policies controlling sites included in Site Discovery. To
o improve handwriting recognition in future versions of Windows. If you enable this policy, users cannot start the handwriting recognition
o improve handwriting recognition in future versions of Windows. If you enable this policy, users cannot start the handwriting recognition

then that setting overrides this one.


on about previous logons during user logon" policy setting located in the Windows Logon Options node under Windows Components also n
e forest search is performed by using a global catalog or name suffix hints. If a match is found, the KDC will return a referral ticket to the clie
mic Access Control and are Kerberos armor-aware will use this feature for Kerberos authentication messages. This policy should be applied
vents. If set too high, then authentication failures might be occurring even though warning events are not being logged. If set too low, the
this policy setting, domain controllers will request compound authentication. The returned service ticket will contain compound authentica
hness Extension. If you enable this policy setting, the following options are supported: Supported: PKInit Freshness Extension is supported
ngs, enable the policy setting and then click the Show button. To add a mapping, enable the policy setting, note the syntax, and then click S
erberos V5 realms, enable the policy setting and then click the Show button. To add an interoperable Kerberos V5 realm, enable the policy
U) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the
rberos client requests a referral ticket to the appropriate domain. If you disable or do not configure this policy setting, the Kerberos client
later attempt to use Kerberos by generating an SPN. If you enable this policy setting, only services running as LocalSystem or NetworkSe
o map a KDC proxy server to a domain, enable the policy setting, click Show, and then map the KDC proxy server name(s) to the DNS name
proxy connections. Warning: When revocation check is ignored, the server represented by the certificate is not guaranteed valid. If you d
ation for all its users will fail from computers with this policy setting enabled. If you enable this policy setting, the client computers in the d
nistrator must configure the policy "Support Dynamic Access Control and Kerberos armoring" on all the domain controllers to support this p
quest processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token. If you enable this poli
ormation required to create compounded authentication and armor Kerberos messages in domains which support claims and compound a
ring" and "Request compound authentication" must be configured and enabled in the resource account domain. If you enable this policy s
domain. If you enable this policy setting, the device s’ credentials will be selected based on the following options: Automatic: Device will a
role services installed. Policy configuration Select one of the following: - Not Configured. With this selection, hash publication settings ar
version that is supported, content information for that version is the only type that is generated by BranchCache, and it is the only type of c
fault cipher suite order is used. SMB 3.11 cipher suites: AES_128_GCM AES_128_CCM SMB 3.0 and 3.02 cipher suites: AES_128_CCM H
u disable or do not configure this policy setting, the SMB server will select the cipher suite the client most prefers from the list of server-su
ault cipher suite order is used. SMB 3.11 cipher suites: AES_128_GCM AES_128_CCM SMB 3.0 and 3.02 cipher suites: AES_128_CCM H
Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environ
a CA-enabled share. Pinning of files on CA-enabled shares using client-side caching will also be possible. If you disable or do not configure
atedly accessing a large number of unstructured data files on CA shares running in Microsoft Azure Files. If you disable or do not configure
ems. This policy setting takes effect only under the following conditions: -- If the diagnostics-wide scenario execution policy is not configu
you enable this policy setting, additional options are available to fine-tune your selection. You may choose the "Allow operation while in d
activities such as bandwidth estimation and network health analysis. If you enable this policy setting, additional options are available to fin
gure this policy setting, all programs on this computer can use the Windows Location Provider feature.
programs and services that the system starts. If you enable this policy setting, the system ignores the run list for Windows Vista, Windows
programs and services that the system starts. If you enable this policy setting, the system ignores the run list for Windows Vista, Windows
f you enable this policy setting, the system ignores the run-once list. If you disable or do not configure this policy setting, the system runs t
f you enable this policy setting, the system ignores the run-once list. If you disable or do not configure this policy setting, the system runs t

ting it on the Start menu or by typing ""Welcome"" in the Run dialog box. If you disable or do not configure this policy, the welcome screen
policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or do
policy setting, click Show. In the Show Contents dialog box in the Value column, type the name of the executable program (.exe) file or do
it for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials, which results in shorter
nding users to wait while their system starts or shuts down, or while users log on or off.
ting it on the Start menu or by typing ""Welcome"" in the Run dialog box. If you disable or do not configure this policy, the welcome screen
or logging off the system. If you disable or do not configure this policy setting, only the default status messages are displayed to the user d
hat Switch User interface appear are in the Logon UI, the Start menu and the Task Manager. If you disable or do not configure this policy se

users will be offered the opt-in prompt for services during their first sign-in. If you enable this policy setting, Microsoft account users will se
If you disable or do not configure this policy setting, Windows uses the default Windows logon background or custom background.
connect the PC from the network or can connect the PC to other available networks without signing into Windows.
d on domain-joined computers.

t details on the sign-in screen.

ng, MDM Enrollment will be disabled for all users. It will not unenroll existing MDM enrollments. If you disable this policy setting, MDM En
attempt to get an AAD token, and if so, will enroll with it using the URL configured in AAD If you disable this policy setting, MDM will be un

n functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure sear
n functionality. Therefore, because search suggestions are shown in the drop-down, this setting takes precedence over the "Configure sear
you disable this setting, employees can't use Autofill to automatically fill in forms while using Microsoft Edge. If you don't configure this setti
you disable this setting, employees can't use Autofill to automatically fill in forms while using Microsoft Edge. If you don't configure this setti
s asking for tracking info. If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info. If you don't
s asking for tracking info. If you disable this setting, Do Not Track requests are never sent to websites asking for tracking info. If you don't

ssword Manager to save their passwords locally. If you don't configure this setting, employees can choose whether to use Password Mana
ssword Manager to save their passwords locally. If you don't configure this setting, employees can choose whether to use Password Mana
don't configure this setting, employees can choose whether to use Pop-up Blocker.
don't configure this setting, employees can choose whether to use Pop-up Blocker.
rosoft browser extension policy (aka.ms/browserpolicy). If you enable or don't configure this policy, users can add new search engines and
rosoft browser extension policy (aka.ms/browserpolicy). If you enable or don't configure this policy, users can add new search engines and
Microsoft Edge. If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge. If you don't configu
Microsoft Edge. If you disable this setting, employees can't see search suggestions in the Address bar of Microsoft Edge. If you don't configu
nable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off. If you disable this setting, Windows Defen
nable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off. If you disable this setting, Windows Defen
If you use this setting, employees can't change it. If you don't configure this setting, employees can choose how new tabs appears.
If you use this setting, employees can't change it. If you don't configure this setting, employees can choose how new tabs appears.
If you disable or don't configure this setting, Microsoft Edge shows the Books Library only in countries or regions where it's supported.
If you disable or don't configure this setting, Microsoft Edge shows the Books Library only in countries or regions where it's supported.
bsites. If you disable or don't configure this setting, all cookies are allowed from all sites.
bsites. If you disable or don't configure this setting, all cookies are allowed from all sites.
/browserpolicy). If you enable this setting, you can choose a default search engine for your employees. If this setting is enabled, you must
/browserpolicy). If you enable this setting, you can choose a default search engine for your employees. If this setting is enabled, you must
sed with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). If yo
sed with domain-joined or MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). If yo
n the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. Important Don't enable both this setting and
n the Hub or Favorites Bar). The user favorites will appear after these provisioned favorites. Important Don't enable both this setting and
d to be viewed using Internet Explorer 11 and Enterprise Mode. If you disable or don't configure this setting, Microsoft Edge won't use the
d to be viewed using Internet Explorer 11 and Enterprise Mode. If you disable or don't configure this setting, Microsoft Edge won't use the
esses are shown while making calls using the WebRTC protocol.
esses are shown while making calls using the WebRTC protocol.
e pages by using angle brackets in this format: <support.contoso.com><support.microsoft.com> Version 1703 or later: If you don't want t
e pages by using angle brackets in this format: <support.contoso.com><support.microsoft.com> Version 1703 or later: If you don't want t
MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). If you enable this setting, you c
MDM-enrolled devices. For more info, see the Microsoft browser extension policy (aka.ms/browserpolicy). If you enable this setting, you c
ems (such as, Create a new folder) are all turned off. Important Don't enable both this setting and the Keep favorites in sync between Inte
ems (such as, Create a new folder) are all turned off. Important Don't enable both this setting and the Keep favorites in sync between Inte
able or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site.
able or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site.
If you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue the download
If you disable or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue the download
st also provide a list of Favorites in the Options section. This list is imported after your policy is deployed. If you disable or don't configure
st also provide a list of Favorites in the Options section. This list is imported after your policy is deployed. If you disable or don't configure
disable or don't configure this setting, all intranet sites are automatically opened using Microsoft Edge.
disable or don't configure this setting, all intranet sites are automatically opened using Microsoft Edge.
you disable or don't configure this setting, the default app behavior occurs and no additional page appears.
you disable or don't configure this setting, the default app behavior occurs and no additional page appears.
can access the about:flags page.
can access the about:flags page.
ce when a user pins a Live Tile to the Start menu. If you disable or don't configure this setting, Microsoft Edge gathers the Live Tile metada
ce when a user pins a Live Tile to the Start menu. If you disable or don't configure this setting, Microsoft Edge gathers the Live Tile metada
yees will see the First Run page when opening Microsoft Edge for the first time.
yees will see the First Run page when opening Microsoft Edge for the first time.
s between Internet Explorer and Microsoft Edge.
s between Internet Explorer and Microsoft Edge.
ck, specifically by how often the content is allowed to load and run.
ck, specifically by how often the content is allowed to load and run.
options under Settings.
options under Settings.

ble or don’t configure this setting, Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates
ble or don’t configure this setting, Microsoft Edge periodically downloads the latest version of the list from Microsoft, applying the updates
les or add or remove snap-ins. Also, because they cannot open author-mode console files, they cannot use the tools that the files contain.
d/Permitted snap-ins setting folder and enable the settings representing the snap-in you want to permit. If a snap-in setting in the folder is
r prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly
r prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly
r prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
ve Directory Users and Computers and Active Directory Sites and Services snap-ins. If you disable the setting, the Group Policy tab is not di
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
be added into the Microsoft Management Console or run from the command line as a standalone console. An error message is displayed
ke Windows Mobility Center and the .exe file launches it. If you do not configure this policy setting, Windows Mobility Center is on by defa
ke Windows Mobility Center and the .exe file launches it. If you do not configure this policy setting, Windows Mobility Center is on by defa
give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking,
give users a quick and easy way to configure their system settings before a presentation to block system notifications and screen blanking,
es, so it is recommended to set this policy when setting up a device to prevent any cached tokens from being present on the device. This po
Maintenance/Automatic Maintenance Control Panel. If you disable or do not configure this policy setting, the daily scheduled time as spec
ng from its Activation Boundary, by upto this time. If you do not configure this policy setting, 4 hour random delay will be applied to Autom
g has no effect. If you enable this policy setting, Automatic Maintenance will attempt to set OS wake policy and make a wake request for th
rofessional to resolve a problem. If you disable this policy setting, MSDT cannot gather diagnostic data. If you do not configure this policy
ols are required to completely troubleshoot the problem. If tool download is restricted, it may not be possible to find the root cause of the
nal to resolve a problem. By default, the support provider is set to Microsoft Corporation. If you disable this policy setting, MSDT cannot r
is required. This is the default recovery behavior on Windows client. Silent: Detection, troubleshooting, and notification of MSI application
em privileges. Because the installation is running with elevated system privileges, users can browse through directories that their own perm
m privileges. This policy setting does not affect installations that run in the user's security context. By default, users can install from remov
ecause patches can easily be vehicles for malicious programs, some installations prohibit their use. If you disable or do not configure this p
signed to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets us
signed to the computer (installed automatically), or made available in Add or Remove Programs in Control Panel. This profile setting lets us
art Manager box to control file in use detection behavior. -- The "Restart Manager On" option instructs Windows Installer to use Restart M
lation file source from the "Use features from" list that the system administrator configures. This policy setting applies even when the inst
actions. The flyweight patching mode is primarily designed for patches that just update a few files or registry values. The Installer will analy
ckage settings box to control automatic logging via package settings behavior. -- The "Logging via package settings on" option instructs Win
es even when the installation is running in the user's security context. If you disable or do not configure this policy setting, users can instal
sh an installation setting. -- The "Never" option indicates Windows Installer is fully enabled. Users can install and upgrade software. This i
hicles for malicious programs, some installations prohibit their use. Note: This policy setting applies only to installations that run in the use
ation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the com
ation. It also prevents Windows Installer from retaining files it intends to delete later. As a result, Windows Installer cannot restore the com
olation. If you disable or do not configure this policy setting, the security features of Windows Installer prevent users from changing instal
nable this policy setting, only administrators or users with administrative privileges can apply updates to Windows Installer based applicatio
emoved by users or administrators. If you enable this policy setting, updates cannot be removed from the computer by a user or an admin
dows Installer does not generate System Restore checkpoints when installing applications. If you disable or do not configure this policy setti
es use of products that are installed per user, and products that are installed per computer. If the installer finds a per-user install of an appl
a component from a feature. This can also occur if you change the GUID of a component. The component identified by the original GUID a
es user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the
vent type is recorded, type the letter representing the event type. You can type the letters in any order and list as many or as few event typ
elect or refuse the installation. If you enable this policy setting, the warning is suppressed and allows the installation to proceed. This poli
able this policy setting, you can change the search order by specifying the letters representing each file source in the order that you want W
nfigure this policy setting on Windows Server 2003, Windows Installer requires the transform file in order to repeat an installation in which
tting, by default, the shared component functionality is allowed.

n attaches the generated log files as a .html file. The user can review the message and add additional information before sending the mess
s connectivity is “Corporate Connection”.
ess intranet access. If this setting is not configured, the entry for DirectAccess connectivity appears.
mputer uses whatever normal name resolution is available to the client computer in its current network configuration, including sending a

by a fully qualified domain name (FQDN) that resolves to an IPv6 address, or an IPv6 address. Examples: PING:myserver.corp.contoso.com
er that the DirectAccess client computer connection is using. In default configurations of DirectAccess, there are typically two IPsec tunnel
ork; otherwise it is outside the network.

DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection. If you enable this policy setting,
24*60*60=4233600). The minimum value for this setting is 0. This setting is relevant only to those callers of DsGetDcName that have spec
ue set in this setting, that value becomes the retry interval for all subsequent retries until the value set in Final DC Discovery Retry Setting i
this policy setting is reached, no more retries occur. If a value for this policy setting is smaller than the value in the Use maximum DC disco
aximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*24*60*60=4233600). Any la
information will be logged to the file. Higher values result in more verbose logging; the value of 536936447 is commonly used as an optim
o not confihgure this policy setting, it is not applied to any computers, and computers use their local configuration.
ached the log file is saved to netlogon.bak and netlogon.log is truncated. A reasonable value based on available storage should be specifie
The default value for this setting is 45 seconds. The maximum value for this setting is 7 days (7*24*60*60). The minimum value for this setti
ests for exclusive read access to files on the share even when the caller has only read permission. If you disable or do not configure this po
DsGetDcName that have not specified the DS_BACKGROUND_ONLY flag. The default value for this setting is 30 minutes (1800). The maxim
ts to add the <DomainName>[1B] NetBIOS name if it hasn’t already been successfully added. None of these operations are critical. 15 min
site name. When the site to which a computer belongs is not specified, the computer automatically discovers its site from Active Directory.
r exclusive read access to files on the share even when the caller has only read permission. When this setting is disabled or not configured
clusively, to locate a domain controller hosting an Active Directory domain specified with a single-label name. If you enable this policy setti
ehavior, is not used if the AllowSingleLabelDnsDomain policy setting is enabled. By default, when no setting is specified for this policy, the
e, and they are used to locate the DC. If you enable this policy setting, the DCs to which this setting is applied dynamically register DC Loca
g is applied. Select the mnemonics from the following list: Mnemonic Type DNS Record LdapIpAddress A <DnsDomainName> Ld
dynamic update. DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their recor
d then enter a value in seconds (for example, the value "900" is 15 minutes). If you do not configure this policy setting, it is not applied to
er GC Locator DNS SRV records for those sites without a GC that are closest to it. The GC Locator DNS records and the site-specific SRV reco
arget hosts (specified in the SRV record’s Target field). DNS clients that query for SRV resource records attempt to contact the first reachabl
addition to the Priority value to provide a load-balancing mechanism where multiple servers are specified in the SRV records Target field an
stered for the site where the DC resides, and records registered by a DC configured to register DC Locator DNS SRV records for those sites w
er DC Locator DNS SRV records for those sites without a DC that are closest to it. The DC Locator DNS records are dynamically registered b
etting is applied dynamically register DC Locator DNS resource records through dynamic DNS update-enabled network connections. If you d
s used by clients to find domain controllers for their Active Directory domain. The default behavior for DC Locator is to find a DC in the sam
to improve the efficiency of the location algorithm. As long as the cached domain controller meets the requirements and is running, DC Lo
rn IPv6 DC address. The returned IPv6 DC address may not be correctly handled by some of the existing applications. So this policy is provi
Windows. By default, Net Logon will not allow the older cryptography algorithms to be used and will not include them in the negotiation o
cator then sends a mailslot message to each remote DC to get more information. DC location succeeds only if a remote DC responds to the
very as a fallback mechanism. NetBIOS-based discovery uses a WINS server and mailslot messages but does not use site information. Henc
pping can be computed, the DC may do an address lookup on the client network name to discover other IP addresses which may then be u
fficient to find DCs running a newer operating system. This policy setting can be enabled to configure DC locator to be more aggressive abou
ttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Co
iders. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced Settings
As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server informati
domain network other than the one it was connected to when the setting was refreshed, this setting does not apply. The Network Bridge a
tors cannot enable or disable the components that a connection uses. Important: If the "Enable Network Connections settings for Adminis
n addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Ne
context menu for a remote access connection and on the File menu in the Network Connections folder. Important: If the "Enable Networ
enable the "Enable Network Connections settings for Administrators" setting), the Remote Access Preferences item is disabled for all users
ohibit the use of certain features from Administrators. By default, Network Connections group settings in Windows XP Professional do not
dicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP addr
ork Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operator
-clicking it, or by using the File menu. If you disable this setting (and enable the "Enable Network Connections settings for Administrators"
ns settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connec
nnections folder. As a result, users (including administrators) cannot start the New Connection Wizard. Important: If the "Enable Network C
n a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a co
ermines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box is available
enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for all users (including adm
ncluding administrators). Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setti
n. This setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dial
connections. Any user can rename all-user connections by clicking an icon representing the connection or by using the File menu. If you d
ble Network Connections settings for Administrators" setting), the Rename option for LAN and all user remote access connections is disable
Rename option is disabled for nonadministrators only. If you do not configure this setting, only Administrators and Network Configuration O
g (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option is disabled for all users (including
ch as name resolution and addressing through DHCP, to the local private network. If you enable this setting, ICS cannot be enabled or con
gure the properties of the connection. If you enable this setting, the connection status taskbar icon and Status dialog box are not available
out elevating.
used when a user is connected to a network with local access only.
he secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gatewa
setting, apps on proxied networks can access the Internet without relying on the Private Network capability. However, in most situations W
an administrator to configure a set of proxies that provide access to intranet resources. If you disable or do not configure this policy settin
ccessible to apps if and only if the app has declared the Home/Work Networking capability. Windows Network Isolation attempts to autom
onfigured with Group Policy are authoritative. This applies to both Internet and intranet proxies. If you disable or do not configure this pol
corporate environment. Only network hosts within the address ranges configured via Group Policy will be classified as private. If you disab
ctions to these resources are considered connections to enterprise networks. If a proxy is paired with a cloud resource, traffic to the cloud

older available offline, all folders within that folder are also made available offline. Also, new folders that you create within a folder that is a
folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave
folder, click Show. In the Show Contents dialog box in the Value Name column, type the fully qualified UNC path to the file or folder. Leave
ox in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline whe
ox in the Value Name column box, type the server's computer name. Then, in the Value column box, type "0" if users can work offline whe
s it. Automatic caching can be set on any network share. When a user opens a file on the share, the system automatically stores a copy of t
policy setting, Offline Files is disabled and users cannot enable it. If you do not configure this policy setting, Offline Files is enabled on Win
in the Offline Files cache are encrypted. This includes existing files as well as files added later. The cached copy on the local computer is aff
dditional events you want Offline Files to record. To use this setting, in the "Enter" box, select the number corresponding to the events you
dditional events you want Offline Files to record. To use this setting, in the "Enter" box, select the number corresponding to the events you
s try to make a file of this type available offline, the operation will fail and the following message will be displayed in the Synchronization M
If you enable this setting, you can use the "Action" box to specify how computers in the group respond. -- "Work offline" indicates that th
If you enable this setting, you can use the "Action" box to specify how computers in the group respond. -- "Work offline" indicates that th
ver status, type, or location. This setting does not prevent users from working offline or from saving local copies of files available offline. A
ver status, type, or location. This setting does not prevent users from working offline or from saving local copies of files available offline. A
As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box. This is a comprehensive setting that
As a result, users cannot view or change the options on the Offline Files tab or Offline Files dialog box. This is a comprehensive setting that
c caching. If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make availabl
c caching. If you disable or do not configure this policy setting, users can manually specify files and folders that they want to make availabl
n the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value colum
n the Show Contents dialog box, in the Value Name column box, type the fully qualified UNC path to the file or folder. Leave the Value colum
o proceed. If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them. If you disable the
o proceed. If you enable this setting, the system hides the reminder balloons, and prevents users from displaying them. If you disable the
r do not configure it, automatically and manually cached copies are retained on the user's computer for later offline use. Caution: Files are
updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are
updated periodically. By default, the first reminder for an event is displayed for 30 seconds. Then, updates appear every 60 minutes and are
appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. This settin
appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the duration of the first reminder. This settin
and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. This setting appears in the Com
and are displayed for 15 seconds. You can use this setting to change the duration of the update reminder. This setting appears in the Com
matically reconnect to a server when the presence of a server is detected. If you enable this setting, you can configure the threshold value
ully synchronized. Full synchronization ensures that offline files are complete and current. If you disable this setting, the system only perfo
ully synchronized. Full synchronization ensures that offline files are complete and current. If you disable this setting, the system only perfo
ully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enab
ully synchronized at logon. Full synchronization ensures that offline files are complete and current. Enabling this setting automatically enab
ction to "Full" ensures that all cached files and folders are up-to-date with the most current version. If you disable or do not configuring th
ction to "Full" ensures that all cached files and folders are up-to-date with the most current version. If you disable or do not configuring th
ped and are synchronized later. If you disable this policy setting, all administratively assigned folders are synchronized at logon.
n the slow-link mode, all network file requests are satisfied from the Offline Files cache. This is similar to a user working offline. If you ena
setting also disables the ability to adjust, through the Offline Files control panel applet, the disk space limits on the Offline Files cache. This
ou can control when Windows synchronizes in the background while operating in slow-link mode. Use the 'Sync Interval' and 'Sync Varianc
user response times and decreases bandwidth consumption over WAN links. The cached files are temporary and are not available to the u
ou disable or do not configure this policy setting, a user can create a file of any type in the folders that have been made available offline.
licy setting, the "Work offline" command is displayed in File Explorer.
licy setting, the "Work offline" command is displayed in File Explorer.
his may result in extra charges on cell phone or broadband plans. If this setting is disabled or not configured, synchronization will not run in
tyFeed shall disable cloud sync. Policy change takes effect immediately.

r protocols will be turned off. If you disable this setting or do not configure it, the peer-to-peer protocols will be turned on.
traps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find it w
lish peer-to-peer (P2P) connections. The PNRP cloud is a group of connected PNRP nodes, in which connections exist between peers so tha
other computers cannot detect that client and initiate sessions with it. If you enable this policy setting, this computer cannot register PNRP
node running peer to peer can be used as a seed server. No configuration is needed for the seed server itself. This setting provides the adde
otstraps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find
lish peer-to-peer (P2P) connections. The PNRP cloud is a group of connected PNRP nodes, in which connections exist between peers so tha
other computers cannot detect that client and initiate sessions with it. If you enable this policy setting, this computer cannot register PNRP
is setting allows for setting the seed server to a specified node in an enterprise. To use this setting, click Enable, and then enter a semicolo
otstraps itself is by using multicast on the same subnet. That is, PNRP publishes itself on the local subnet, so that other computers can find
lish peer-to-peer (P2P) connections. The PNRP cloud is a group of connected PNRP nodes, in which connections exist between peers so tha
other computers cannot detect that client and initiate sessions with it. If you enable this policy setting, this computer cannot register PNRP
is setting allows for setting the seed server to a specified node in an enterprise. To use this setting, click Enable, and then enter a semicolo
that are weaker than what would be allowed for a login password. This setting controls this validation behavior. If set to 1, then this valid
es for all users. If you disable this policy setting, the device does not provision Windows Hello for Business for any user. If you do not confi
es for all users. If you disable this policy setting, the device does not provision Windows Hello for Business for any user. If you do not confi
curity devices, which prevents Windows Hello for Business provisioning from using those devices. If you disable or do not configure this po
ric gestures. If you disable this policy setting, Windows Hello for Business prevents the use of biometric gestures. NOTE: Disabling this pol
ncrypts a recovery secret, which is stored on the device, and requires both the PIN recovery service and the device to decrypt. PIN recovery
rolled in Windows Hello for Business. If you enable this policy setting, phone sign-in will be enabled, allowing the use of a phone as a comp
ver is the lowest. If you configure this policy setting, the PIN length must be greater than or equal to this number. If you disable or do not
ever is greater. If you configure this policy setting, the PIN length must be less than or equal to this number. If you disable or do not config

e this policy setting, Windows does not allow users to use special characters in their PIN.

If this policy is set to 0, then storage of previous PINs is not required. Default: 0.

cy setting, Windows Hello for Business enrolls a key that is used for on-premises authentication. NOTE: Disabling or not configuring this po
cy setting, Windows Hello for Business enrolls a key that is used for on-premises authentication. NOTE: Disabling or not configuring this po
f xml for each signal type to be verified. If you enable this policy setting, the user will have to use one factor from each list to successfully
ng locking options. For more information see: https://go.microsoft.com/fwlink/?linkid=849684
able or do not configure this policy setting, Windows Hello for Business provisions Windows Hello for Business credentials compatible with
their own factors for authentication. If you disable or do not configure this policy setting, Windows does not allow the enumeration of pro
patibility issues. When failures are detected, the PCA will provide options to run the application in a compatibility mode or get help online t

ttings: - Set BranchCache Distributed Cache mode - Set BranchCache Hosted Cache mode - Configure Hosted Cache Servers Policy configu
he cache is set to 5 percent of the total disk space on the client computer. Policy configuration Select one of the following: - Not Configure
he mode client, it is able to download cached content from a hosted cache server that is located at the branch office. In addition, when the
nload content from BranchCache-enabled main office content servers, cache the content locally, and serve the content to other BranchCac
nload content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting, which is the maxim
puters to which the policy setting is applied search for hosted cache servers using Active Directory, and will prefer both these servers and h
rs that are using different versions of BranchCache might store cache data in incompatible formats. If you enable this policy setting, all clien
sted cache servers that are installed in the same office location. You can use this setting to automatically configure client computers that a
olicy configuration Select one of the following: - Not Configured. With this selection, BranchCache client computer cache age settings are n

problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no corrective a
by/Resume Performance problems and attempt to determine their root causes. These root causes will be logged to the event log when dete
nsiveness problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no c
rformance problems and attempt to determine their root causes. These root causes will be logged to the event log when detected, but no
re not processed. If you do not configure this policy setting, the DPS will enable Windows Performance PerfTrack by default.
ntrol this setting.
ol this setting.
"Critical Battery Notification Action" policy setting. If you disable this policy setting or do not configure it, users control this setting.
Battery Notification Action" policy setting. If you disable this policy setting or do not configure it, users control this setting.
ation level, see the "Low Battery Notification Level" policy setting. The notification will only be shown if the "Low Battery Notification Actio
n see and change this setting.
see and change this setting.
can see and change this setting.
n see and change this setting.
see and change this setting.
can see and change this setting.

rs can see and change this setting.


rs can see and change this setting.
llowing format: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX (For example, 103eea6e-9fcd-4544-a713-c282d8e50083), indicating the powe
tting, users control this setting.
ble or do not configure this policy setting, users control if their computer is automatically locked or not after performing a resume operation
, users control this setting.
ure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is lock
for a password when the system resumes from sleep.
policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this c

, users control this setting.


ure this policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is lock
for a password when the system resumes from sleep.
policy setting, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this c

licy setting, Windows uses the same setting regardless of users’ keyboard or mouse behavior. If you do not configure this policy setting, us
licy setting, Windows uses the same setting regardless of users’ keyboard or mouse behavior. If you do not configure this policy setting, us
ng, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can preven
ng, users control this setting. If the user has configured a slide show to run on the lock screen when the machine is locked, this can preven
are not allowed.
are not allowed.
ware may rely on Windows shutdown behavior. This setting is only applicable when Windows shutdown is initiated by software programs in

e display. Windows will only reduce the brightness of the primary display integrated into the computer. If you disable or do not configure t
e display. Windows will only reduce the brightness of the primary display integrated into the computer. If you disable or do not configure t
If you disable or do not configure this policy setting, users control this setting.
If you disable or do not configure this policy setting, users control this setting.
etting, users control this setting.
etting, users control this setting.
y transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. If you disable or
y transitions to sleep when left unattended. If you specify 0 seconds, Windows does not automatically transition to sleep. If you disable or
ations, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windo
ations, services, or drivers do not prevent Windows from automatically transitioning to sleep. Only user input is used to determine if Windo
etting, users can see and change this setting.
nfigure this policy setting, users control this setting.
nfigure this policy setting, users control this setting.
y restriction currently applies to WLAN networks only, and is subject to change. If you do not configure this policy setting, users control th
y restriction currently applies to WLAN networks only, and is subject to change. If you do not configure this policy setting, users control th

ted publisher. The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from th
ted publisher. The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from th
g the LogPipelineExecutionDetails property of the module to True. If you disable this policy setting, logging of execution events is disabled
g the LogPipelineExecutionDetails property of the module to True. If you disable this policy setting, logging of execution events is disabled
dows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file n
dows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file n
tion. If you disable this policy setting, logging of PowerShell script input is disabled. If you enable the Script Block Invocation Logging, Po
tion. If you disable this policy setting, logging of PowerShell script input is disabled. If you enable the Script Block Invocation Logging, Po
rent value with the SourcePath parameter on the Update-Help cmdlet. If this policy setting is disabled or not configured, this policy setting
rent value with the SourcePath parameter on the Update-Help cmdlet. If this policy setting is disabled or not configured, this policy setting
version corresponding to a backup. If you disable this policy setting, the Restore button remains active for a previous version correspondin
version corresponding to a backup. If you disable this policy setting, the Restore button remains active for a previous version correspondin
setting, users cannot list and restore previous versions of files on local disks. If you do not configure this policy setting, it defaults to disable
setting, users cannot list and restore previous versions of files on local disks. If you do not configure this policy setting, it defaults to disable
his policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button
his policy setting, the Restore button remains active for a previous version corresponding to a local file. If the user clicks the Restore button
s can list and restore previous versions of files on file shares. If you do not configure this policy setting, it is disabled by default.
s can list and restore previous versions of files on file shares. If you do not configure this policy setting, it is disabled by default.
ou disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clic
ou disable this policy setting, the Restore button remains active for a previous version corresponding to a file on a file share. If the user clic
to backup copies, and can see only previous versions corresponding to on-disk restore points. If you disable this policy setting, users can s
to backup copies, and can see only previous versions corresponding to on-disk restore points. If you disable this policy setting, users can s
d. Internet printing is an extension of Internet Information Services (IIS). To use Internet printing, IIS must be installed, and printing suppor
010, Word 2007, Word 2010 and certain other applications are configured to support it. Other applications may also be capable of isolating
to a Web page customized for your enterprise. If you disable this setting or do not configure it, or if you do not enter an alternate Internet
bled, the network scan page will not be displayed. If this policy setting is not configured, the Add Printer wizard will display the default num
nd also check the "Connect to this printer (or to browse for a printer, select this option and click Next)" radio button on Add Printer Wizard
not process print jobs before sending them to the print server. This decreases the workload on the client at the expense of increasing the
chines that have a relatively powerful CPU as compared to the machine’s GPU.
r" page in the Add Printer Wizard. The Browse button appears beside the "Connect to a printer on the Internet or on a home or office netw
-mode drivers may be installed on the local computer running Windows XP Home Edition and Windows XP Professional. If you do not confi
s folder in Control Panel. Also, users cannot add printers by dragging a printer icon into the Printers folder. If they try, a message appears ex
er programs to delete a printer. If this policy is disabled, or not configured, users can delete printers using the methods described above.
ge will not be displayed. If this setting is not configured, the Add Printer wizard will display the default number of printers of each type: TC
rom print servers. If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.
vior of non-package point and print connections. Windows Vista and later clients will attempt to make a non-package point and print conn
rom print servers. If this setting is disabled, or not configured, users will not be restricted to package-aware point and print only.
vior of non-package point and print connections. Windows Vista and later clients will attempt to make a non-package point and print conn
n Location Tracking is enabled, the system uses the specified location as a criterion when users search for printers. The value you type here
The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers. If you enab
nts will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client,
nts will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client,
searches begin at the root of Active Directory. This setting only provides a starting point for Active Directory searches for printers. It does
er servers. If you disable this setting, shared printers are not announced to print browse master servers, even if Active Directory is not avai
setting, the print spooler will execute print drivers in an isolated process by default. If you disable this policy setting, the print spooler will
drivers that do not explicitly opt out of Driver Isolation. If you disable or do not configure this policy setting, the print spooler uses the Dri
e and the server driver cache. If you disable this policy setting, the client computer will only search the local driver store and server driver
able this policy setting, then all printer extensions will not be allowed to run. If you disable this policy setting or do not configure it, then a
fault MXDW output format is OpenXPS (*.oxps).
nch Office Direct Printing jobs.

hared will continue to be shared. The spooler must be restarted for changes to this policy to take effect.
ally publish printers. However, you can publish shared printers manually. The default behavior is to automatically publish shared printers in
nd to Windows 2000 printers published outside their forest. The Windows pruning service prunes printer objects from Active Directory wh
he pruning service "prunes" (deletes from Active Directory) printer objects the computer has published. By default, the pruning service co
ority influences the order in which the thread receives processor time and determines how likely it is to be preempted by higher priority th
not respond to the contact message, the message is repeated for the specified number of times. If the computer still fails to respond, then
ter does not respond to the contact attempt, the attempt is retried a specified number of times, at a specified interval. The "Directory prun
er's shared printers cannot be published in Active Directory, and the "List in directory" option is not available. Note: This settings takes prio
he computer is operating. To enable this additional verification, enable this setting, and then select a verification interval. To disable verific
When the computer that published the printers restarts, it republishes any deleted printer objects. If you enable this setting or do not confi
chase software from Windows Marketplace. Programs published or assigned to the user by the system administrator also appear in the Pro
other tools and methods to view or uninstall programs. It also does not prevent users from linking to related Programs Control Panel Featu
shers. If this setting is disabled or not configured, the "View installed updates" task and the "Installed Updates" page will be available to a
ing or sending e-mail, as well as specify the programs that are accessible from the Start menu, desktop, and other locations. If this setting
puter for installation. Enabling this feature does not prevent users from navigating to Windows Marketplace using other methods. If this fe
rams" page lists published programs and provides an easy way to install them. Published programs are those programs that the system ad
abled or is not configured, the "Turn Windows features on or off" task will be available to all users. This setting does not prevent users from

fication. If you enable this setting, you can change the default DSCP value associated with the Best Effort service type. If you disable this s
flow specification. If you enable this setting, you can change the default DSCP value associated with the Controlled Load service type. If y
pecification. If you enable this setting, you can change the default DSCP value associated with the Guaranteed service type. If you disable t
he flow specification. If you enable this setting, you can change the default DSCP value associated with the Network Control service type. I
cification. If you enable this setting, you can change the default DSCP value associated with the Qualitative service type. If you disable this
w specification. If you enable this setting, you can change the default DSCP value associated with the Best Effort service type. If you disabl
m to the flow specification. If you enable this setting, you can change the default DSCP value associated with the Controlled Load service ty
flow specification. If you enable this setting, you can change the default DSCP value associated with the Guaranteed service type. If you d
rm to the flow specification. If you enable this setting, you can change the default DSCP value associated with the Network Control service
ow specification. If you enable this setting, you can change the default DSCP value associated with the Qualitative service type. If you disa
eduler has submitted to a network adapter for transmission, but which have not yet been sent. If you enable this setting, you can limit the
to override the default. If you enable this setting, you can use the "Bandwidth limit" box to adjust the amount of bandwidth the system ca
n established for the system, usually units of 10 microseconds. If you disable this setting or do not configure it, the setting has no effect on
th the Best Effort service type. If you disable this setting, the system uses the default priority value of 0. Important: If the Layer-2 priority v
ociated with the Controlled Load service type. If you disable this setting, the system uses the default priority value of 0. Important: If the
with the Guaranteed service type. If you disable this setting, the system uses the default priority value of 0. Important: If the Layer-2 prio
ssociated with the Network Control service type. If you disable this setting, the system uses the default priority value of 0. Important: If th
orming packets. If you disable this setting, the system uses the default priority value of 0. Important: If the Layer-2 priority value for nonco
with the Qualitative service type. If you disable this setting, the system uses the default priority value of 0. Important: If the Layer-2 priority
this policy setting, the listed providers will respond to WMI queries, and Reliability Monitor will display system reliability information. If you
source Exhaustion problems and attempt to determine their root causes. These root causes will be logged to the event log when detected,
u created earlier to recover your computer" and "Reinstall Windows" (or "Return your computer to factory condition") appears on the "Adv
tten to the disk. You can specify the Timestamp Interval in seconds. If you disable this policy setting, the Persistent System Timestamp is tur
g. If you do not configure this policy setting, users can adjust this setting using the control panel, which is set to "Upload unplanned shutdo
e user indicates that the shutdown or restart is unplanned. If you disable this policy setting, the System State Data feature is never activate
op-down menu list, the Shutdown Event Tracker is displayed when the computer shuts down. If you enable this policy setting and choose "
settings are used.
contacts or the unsolicited Offer Remote Assistance. If you enable this policy setting, only computers running this version (or later version
ations: -No full window drag -Turn off background "Full optimization" will include the following optimizations: -Use 16-bit color (8-bit col
to specify a custom message to display before a user allows a connection to his or her computer. If you enable this policy setting, the warn
and you can configure additional Remote Assistance settings. If you disable this policy setting, users on this computer cannot use email or
on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you do not co
e or do not configure this setting, the operating system does not force a reboot. Note: If no reboot is forced, the access right does not take
e or do not configure this setting, the operating system does not force a reboot. Note: If no reboot is forced, the access right does not take

orage class.

-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Config
-protected storage, enable the policy setting "Deny write access to drives not protected by BitLocker," which is located in "Computer Config

f you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.
f you disable or do not configure this policy setting, write and read accesses are allowed to all removable storage classes.

to this removable storage class.


to this removable storage class.
ed to this removable storage class.
ed to this removable storage class.
rect handles to removable storage devices in remote sessions.
n this manner. If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to co
ograms can retrieve the extended error information by using standard Windows application programming interfaces (APIs). If you disable th
COM are encouraged to use the RPC_C_QOS_CAPABILITIES_IGNORE_DELEGATE_FAILURE flag, but some applications written for the traditi
er errors because connections will be timed out faster than expected. Using this policy setting you can force the RPC Runtime and the RPC/
olicy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setti
setting, the RPC runtime defaults to "Auto2" level. If you do not configure this policy setting, the RPC defaults to "Auto2" level. If you enab
the system stops script processing and records an error event. If you enable this setting, then, in the Seconds box, you can type a number
they run, although it does not display logon scripts written for Windows 2000. If you enable this setting, Windows 2000 does not display l
script as it runs. The instructions appear in a command window. This policy setting is designed for advanced users. If you disable or do not
rocessing is complete before the user starts working, but it can delay the appearance of the desktop. If you disable or do not configure thi
rocessing is complete before the user starts working, but it can delay the appearance of the desktop. If you disable or do not configure thi
pt as it runs. The instructions appear in a command window. This policy setting is designed for advanced users. If you disable or do not con
Policy Object (GPO), Windows PowerShell scripts are run before non-Windows PowerShell scripts during computer startup and shutdown.
ct (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff. For example, assume the following scenar
ct (GPO), PowerShell scripts are run before non-PowerShell scripts during user logon and logoff. For example, assume the following scenar
em displays each instruction in the shutdown script as it runs. The instructions appear in a command window. If you disable or do not confi
nate the running of startup scripts. As a result, startup scripts can run simultaneously. If you disable or do not configure this policy setting,
tion in the startup script as it runs. Instructions appear in a command window. This policy setting is designed for advanced users. If you disa
is disabled during cross-forest logons without the DNS suffixes being configured. If you disable or do not configure this policy setting, user
If you disable or do not configure this policy setting, the scripted diagnostics execution engine runs all digitally signed packages.
eshooting tools from the Troubleshooting Control Panel. If you disable this policy setting, users cannot access or run the troubleshooting to
essage that states, "Do you want the most up-to-date troubleshooting content?" If you enable or do not configure this policy setting, users
otified of the problem for interactive resolution. If you choose detection, troubleshooting and resolution, Windows will resolve some of the
ocations to the index. This policy has no effect if the Files on Microsoft Networks add-in is not installed. Disabled by default.
ocations to the index. This policy has no effect if the Files on Microsoft Networks add-in is not installed. Disabled by default.
ndex encrypted items or encrypted stores. This policy setting is not configured by default. If you do not configure this policy setting, the loc

ds. This policy setting is not configured by default. If you do not configure this policy setting, the local setting, configured through Control P
ory usage. We recommend enabling this policy setting only on PCs where documents are stored in many languages. If you disable or do no
etting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.
ble this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search. If y
d when a user performs a query in Search. If you disable this policy setting, queries will be performed on the web over metered connection
rsonalize their search and other Microsoft experiences. -User info only: Share a user's search history and some Microsoft account info to
Filter adult images and videos but not text from search results; -Off: Don't filter adult content from search results. If you disable or don't
he index. If you disable or do not configure this policy setting, Windows Search monitors which folders are shared or not shared on this com
en the policy is enabled, the Add and Remove locations options and any previously defined user locations will not be visible. When the pol
g, users can acess the Advanced Options dialog for Search and Indexing Options in the Control Panel. This is the default for this policy settin

es are managed separately from online mailboxes. The "Enable Indexing of Uncached Exchange Folders" has no effect on delegate mailbox
ot affect portions of a delegate mailbox that are cached locally. To have this policy affect all parts of a delegate mailbox, ensure that for Mic
ms per minute. To lower the burden on Microsoft Exchange servers, lower the rate of items indexed per minute. If you disable this policy, th

nce of non-Microsoft document filters (iFilters). This policy is disabled by default.


;.docx;.xls;.xlsx;.ppt;.pptx;.vsd;.xlsb;.xltx;.dot;.rtf
d the Download Public Folder Favorites option must be turned on.

rch service. Use $w in place of the query term for the search service URL. If your intranet search service is SharePoint Portal Server, your q
earch2,http://mysearch2?q=$w. For each search scope, provide: 1) A name for the scope, such as 'IT Web'. 2) The URL to the search servi
ce XP or later. The full preview pane functionality is only available for Office documents in Office XP or later. When this policy is disabled or
n view so that users can see snippets related to their desktop search query. When this policy is disabled or not configured, the default is sm
olicy is disabled or not configured, Windows Desktop Search automatically manages your index size.
can also specify an allow list of add-ins by providing the classID or ProgId string. For example, if you plan to deploy a particular iFilter, make
dex is not restored.
system paths that do not reference a specific SID will not be excluded from indexing if these are only specified in the Group Policy under "U

o not reference a specific SID will not be included for indexing if these are only specified in the Group Policy under "User Configuration." To

m paths that do not reference a specific SID will not be excluded from indexing if these are only specified in the Group Policy under "User Co
es all these into a single exclusion list. When this policy is disabled or not configured, the user can edit the default list of excluded file type
t configure this policy setting, users will get search suggestions based on previous searches in the search pane.

for the user to interact with Cortana using speech.

ory view also contains a status section, where the user can get recommendations to help increase the computer's security. When Security C

ms on this computer will not be prevented from using location information from the location feature.
ms on this computer will not be prevented from using location information from the location feature.

the server. If you do not configure this policy setting, Server Manager is displayed when a user logs on to the server. However, if the "Do no
es installed on managed servers. If you enable this policy setting, Server Manager uses the refresh interval specified in the policy setting in
ou disable this policy setting, the Initial Configuration Tasks window is displayed when an administrator logs on to the server. If you do not
ge is displayed each time an administrator logs on to the server. However, if the administrator has selected the "Don’t display this page at lo
ting system corruption and for enabling optional features that have had their payload files removed. You must enter the fully qualified path
w users to turn syncing on" so that syncing it turned off by default but not disabled. If you do not set or disable this setting, "sync your setti
so that syncing it turned off by default but not disabled. If you do not set or disable this setting, syncing of the "app settings" group is on b
at syncing it turned off by default but not disabled. If you do not set or disable this setting, syncing of the "passwords" group is on by defau
that syncing it turned off by default but not disabled. If you do not set or disable this setting, syncing of the "personalize" group is on by d
urned off by default but not disabled. If you do not set or disable this setting, syncing of the "AppSync" group is on by default and configu
sers to turn other Windows settings syncing on" so that syncing it turned off by default but not disabled. If you do not set or disable this se
ers to turn desktop personalization syncing on" so that syncing it turned off by default but not disabled. If you do not set or disable this se
history and favorites, will not be synced. Use the option "Allow users to turn browser syncing on" so that syncing is turned off by default b
will take place when this PC is on a metered connection. If you do not set or disable this setting, syncing on metered connections is configu
yncing is turned off by default but not disabled. If you do not set or disable this setting, syncing of the "Start layout" group is on by default
h will be the location used during the last time Windows Service Pack Setup was run on the system.
st time Windows Setup was run on the system.
rosoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over
rosoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over
users cannot publish DFS roots in AD DS and the "Publish in Active Directory" option is disabled. Note: The default is to allow shared folders
e this policy setting, users cannot publish shared folders in AD DS, and the "Publish in Active Directory" option is disabled. Note: The defaul
in their profile. If you enable this policy setting, users cannot share files within their profile using the sharing wizard. Also, the sharing wiza
If you disable or do not configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined compu
aining that a setting prevents the action. If you disable this policy setting or do not configure it, users can run Cmd.exe and batch files norm
m using other administrative tools, use the "Run only specified Windows applications" policy setting.
vents users from running programs that are started by the File Explorer process. It does not prevent users from running programs such as T
nts users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Tas
ome Center is displayed at user logon.
p gadgets to be turned on.
p gadgets to be turned on.
, both signed and unsigned gadgets will be extracted. The default is for Windows to extract both signed and unsigned gadgets.
, both signed and unsigned gadgets will be extracted. The default is for Windows to extract both signed and unsigned gadgets.

n pane in File Explorer. * OneDrive files aren’t kept in sync with the cloud. * Users can’t automatically upload photos and videos from the
or select to sync OneDrive or SharePoint files on the computer, for the sync client to start automatically. If this setting is not enabled, the O
r in the navigation pane in File Explorer. * OneDrive files aren’t kept in sync with the cloud. * Users can’t automatically upload photos and

also be able to open and save files on OneDrive using the OneDrive app and file picker, and Windows Store apps will still be able to access
etting can be used to modify that restriction. If you enable this policy setting, certificates with the following attributes can also be used to l
eature. If you enable this policy setting, the integrated unblock feature will be available. If you disable or do not configure this policy settin
this behavior is when a certificate is renewed and the old one has not yet expired. Two certificates are determined to be the same if they
es from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to det
available smart card signature key-based certificates will not be listed on the logon screen.
used. This setting only controls the displaying of the certificate on the client machine. If you enable this policy setting certificates will be l
r and the certificates will not be made available to applications such as Outlook.

tting must also be enabled: Turn on certificate propagation from smart card. If you disable this policy setting then root certificates will not b
isplayed at the time of logon. If you disable or do not configure this policy setting, the default message will be displayed to the user when
was CN=User1, OU=Users, DN=example, DN=com and had an UPN of [email protected] then "User1" will be displayed along with "use
y setting could prevent certain smart cards from working on Windows. Please consult your smart card manufacturer to find out whether yo
o enter their user name or user name and domain will be displayed. If you disable or do not configure this policy setting, an optional field t
time. If you disable this policy setting, Smart Card Plug and Play will be disabled and a device driver will not be installed when a card is inse
onfirmation message will not be displayed when a smart card device driver is installed. Note: This policy setting is applied only for smart c
rtificates on a smart card cannot be used to log on to a domain. Note: This policy setting only affects a user's ability to log on to a domain.
ed from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Som
setting, users will be able to install apps from anywhere, including files downloaded from the Internet. If you do not configure this setting,
nable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off. If you disable this setting, Windows Defen
nable this setting, Windows Defender SmartScreen is turned on and employees can't turn it off. If you disable this setting, Windows Defen
able or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site.
able or don't configure this setting, employees can ignore Windows Defender SmartScreen warnings and continue to the site.
community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and route
ing and setting terminal values and monitoring network events. The manager is located on the host computer on the network. The manag
nts. This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP serv
or do not configure this policy setting, Sound Recorder can be run.
or do not configure this policy setting, Sound Recorder can be run.
table data files. If enabled (default), the device will periodically check for updated speech models and then download them from a Microso
ment these with properties defined on individual file servers by using File Classification Infrastructure, which is part of the File Server Reso
erties on individual file servers by using File Classification Infrastructure, which is part of the File Server Resource Manager role service. If y
nied access. If you enable this policy setting, users receive a customized Access Denied message from the file servers on which this policy
f a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link.
t menu search box. If you do not configure this policy (default), there will not be a "Search the Internet" link on the start menu.
nk will not be shown when the user performs a search in the start menu search box.

Add the Run command to the Start menu policy has no effect.
licy setting, then users will be able to turn the QuickLaunch bar on and off.
in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off. If you disable or do not configure t
emoves the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off <username> item from the Start Me
staller and those that users have configured for full installation upon first use. If you disable this setting or do not configure it, all Start men
ze menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users d
ked, it cannot be moved or resized. If you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is
uired by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory s
otifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron." If you enable this setting, the sy
he pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start m
e or do not configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customiz
nfigure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, incl

ally configure a device's Start layout to the desired look and feel. Once you are done, run the Export-StartLayout PowerShell cmdlet on tha
ally configure a device's Start layout to the desired look and feel. Once you are done, run the Export-StartLayout PowerShell cmdlet on tha
y setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power bu
. If you enable this policy setting, the shutdown, restart, sleep, and hibernate commands are removed from the Start menu. The Power bu
enu items in the All Users profile, on the system drive, go to ProgramData\Microsoft\Windows\Start Menu\Programs.
menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Custom
ntext menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the

the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help.
he user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Men
ist in Start" in Settings to Off. Selecting "Collapse and disable setting" will do the same as the collapse option and disable the "Show app lis
nections from Settings on the Start menu. Network Connections still appears in Control Panel and in File Explorer, but if users try to start it
t, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu.
g document shortcuts. The system empties the Recent Items menu on the Start menu, and Windows programs do not display shortcuts at
, the system saves document shortcuts but does not display the Recent Items menu in the Start Menu, and users cannot turn the menu on
is policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortc
configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated wi
ed from entering the following into the Internet Explorer Address Bar: --- A UNC path: \\<server>\<share> ---Accessing local drives: e.g., C
olders (such as Control.exe) from running. However, users can still start Control Panel items by using other methods, such as right-clicking t
ents the action. If you disable or do not configure this policy setting, the Taskbar and Start Menu items are available from Settings on the S
rs the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are acce
ethods to gain access to the contents of the Documents folder. Note: To make changes to this policy setting effective, you must log off and

appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can us
ocuments, Pictures, Music, Computer, and Network. The new Start menu starts them directly. If you enable this setting, the Start menu dis

program name. By default, this setting is always enabled. If you disable or do not configure it, items on the taskbar that share the same pr
is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the "
e this policy setting, the context menus for the taskbar are available. This policy setting does not prevent users from using other methods
uding the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system
a, set the "Remove user folder link from Start Menu" policy setting. If you disable or do not configure this policy setting, the user name lab
Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer. Windo

ptions. As a result, users cannot restore the Log Off <username> item to the Start Menu. If you disable or do not configure this policy setti
remove the homegroup link from the Start Menu.

n will fall back to Shut Down. If you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by defa
ccess the "Run as different user" command from Start for any applications. Note: This setting does not prevent users from using other met
olicy setting, the default setting for the user’s device will be used, and the user can choose to change it.
icy setting, the Start screen will appear by default whenever the user goes to Start, and the user will be able to switch between the Apps vi
earch the list of installed apps. If you disable or don’t configure this policy setting, the user can configure this setting.
default sorting options. If you disable or don't configure this policy setting, the desktop apps won't be listed first when the apps are sorted
indows logo key. If you disable or don't configure this policy setting, the Start screen will always appear on the main display when the user
hange the size of Start in Settings.

l data files. The behavior of this policy setting depends on the "Turn off System Restore" policy setting. If you enable this policy setting, the
able this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Re
enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in t
enable this policy, application auto complete lists will never appear next to Input Panel. Users will not be able to configure this setting in t
he edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this po
he edge of the Tablet PC screen. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this po
rd to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will never appear next to text entry areas w
rd to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will never appear next to text entry areas w
r text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will never appear next to any text entry area when a
r text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will never appear next to any text entry area when a
not showing what keys are tapped when entering a password. Touch Keyboard and Handwriting panel enables you to use handwriting or
not showing what keys are tapped when entering a password. Touch Keyboard and Handwriting panel enables you to use handwriting or
ws Vista only) only when these input languages or keyboards are installed. Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input P
ws Vista only) only when these input languages or keyboards are installed. Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input P
hapes. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols,
hapes. Tablet PC Input Panel is a Tablet PC accessory that enables you to use handwriting or an on-screen keyboard to enter text, symbols,
nguage. Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers
nguage. Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers
te. If you do not configure this policy, users will be able to use this feature to print to a Journal Note.
te. If you do not configure this policy, users will be able to use this feature to print to a Journal Note.

ack and pen cursors will be shown unless the user disables them in Control Panel.
ack and pen cursors will be shown unless the user disables them in Control Panel.
C mapping will occur.
C mapping will occur.
tab). If you disable this policy, applications can be launched from a hardware button. If you do not configure this policy, applications can b
tab). If you disable this policy, applications can be launched from a hardware button. If you do not configure this policy, applications can b
, contact your system administrator." If you disable this policy, press and hold actions for buttons will be available. If you do not configure
, contact your system administrator." If you disable this policy, press and hold actions for buttons will be available. If you do not configure
ure this policy, user and OEM defined button actions will occur when the buttons are pressed.
ure this policy, user and OEM defined button actions will occur when the buttons are pressed.
orer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks train
orer are disabled and that the pen flicks notification will never be displayed. However, pen flicks, the pen flicks tray icon and pen flicks train
not configure this policy, pen flicks and related features are available.
not configure this policy, pen flicks and related features are available.

otification area.
displayed in the system notification area.
kbar setting that is not prevented by another policy setting.
ations are able to add toolbars to the taskbar.

er area of the monitor unless prevented by another policy setting.

e program shortcuts stay on the Taskbar.


ble or do not configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar.
ompatibility issues with toast notifications. If you disable or don’t configure this policy setting, all notifications will appear as toast notificati

mportant documents and other tasks. If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens
ese programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. If you disable or do not configure this polic
their Jump Lists will continue to show. If you disable or do not configure this policy setting, users can pin files, folders, websites, and other
this policy setting, users can show taskbars on more than one display.
ng for the user’s device will be used, and the user can choose to change it.
d in the notification area. The user will be able to read notifications when they appear, but they won’t be able to review any notifications th
tting, users can pin the Store app to the Taskbar.
an additional calendar shows the lunar month and date and holiday names in Traditional Chinese (Lunar) by default. If you enable this pol
box or the "Start in" box that determine the program and path for a task. As a result, when users create a task, they must select a program
box or the "Start in" box that determine the program and path for a task. As a result, when users create a task, they must select a program
y created task's property sheet upon completion of the "Add Scheduled Task" wizard. The task's property sheet allows users to change tas
y created task's property sheet upon completion of the "Add Scheduled Task" wizard. The task's property sheet allows users to change tas
older. As a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks
older. As a result, users cannot add new scheduled tasks by dragging, moving, or copying a document or program into the Scheduled tasks
ter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence o
ter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence o
e properties that appear in Detail view and in the task preview. This setting prevents users from viewing and changing characteristics such
e properties that appear in Detail view and in the task preview. This setting prevents users from viewing and changing characteristics such
guration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the s
guration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the s
heduled Tasks folder. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configu
heduled Tasks folder. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configu
disable or do not configure this policy setting, the local host setting is used. If you enable this policy setting, you can configure ISATAP with
ot required. If you disable or do not configure this policy setting, the local host setting is used.
rs are a hexadecimal representation of the global IPv4 address (w.x.y.z) assigned to a site. If you disable or do not configure this policy setti
ay name for a 6to4 host. If you disable or do not configure this policy setting, the local host setting is used, and you cannot specify a relay n
ved periodically. If you disable or do not configure this policy setting, the local host setting is used.
figure Teredo with one of the following settings: Default: The default state is "Client." Disabled: No Teredo interfaces are present on the h
this policy setting, the local settings on the computer are used to determine the Teredo server name.
address and UDP port mapping in the translation table of the Teredo client's NAT device. If you enable this policy setting, you can specify
ng, you can customize a UDP port for the Teredo client. If you disable or do not configure this policy setting, the local host setting is used.
used. This policy setting contains only one state: Policy Enabled State: If Default Qualified is enabled, Teredo will attempt qualification imm
er URL. You will be able to configure IP-HTTPS with one of the following settings: Policy Default State: The IP-HTTPS interface is used when
ng, the local host settings are used. If you enable this policy setting, Window Scaling Heuristics will be enabled and system will try to identi
Autoconfiguration Limits will be disabled and system will not limit the number of autoconfigured addresses and routes.
to calculate the current session time (current session time = server base time + client time zone). If you disable or do not configure this pol
ter and the local computer. By default, Remote Desktop Services allows Clipboard redirection. If you enable this policy setting, users canno
ayed in a Remote Desktop Services session. If you disable this policy setting, wallpaper is displayed in a Remote Desktop Services session, d
e default user profile, Remote Desktop Connection, or through Group Policy. If you enable this policy setting, the desktop is always display
on Host server can be started remotely by using the RemoteApp Manager on Windows Server 2008 R2 and Windows Server 2008. If you ar
s. Because Windows Aero requires additional system and bandwidth resources, allowing desktop composition for remote desktop sessions
ost server in the farm with the fewest sessions. Redirection behavior for users with existing sessions is not affected. If the server is configur
ng, all client printers are redirected in Remote Desktop Services sessions.
ng, all client printers are redirected in Remote Desktop Services sessions.
RD Session Host server, but it is not logged off. If you enable this policy setting, when a user closes the last running RemoteApp program a
RD Session Host server, but it is not logged off. If you enable this policy setting, when a user closes the last running RemoteApp program a
CD monitor. Because font smoothing requires additional bandwidth resources, not allowing font smoothing for remote connections can im
P address and network mask are used to select the network adapter used for the virtual IP addresses. If you disable or do not configure th
nectivity. If you disable or do not configure this policy setting, the IP address of the RD Session Host server is used if a virtual IP is not availa
ned off. If you disable or do not configure this policy setting, Fair Share CPU Scheduling is turned on.
Windows Installer RDS Compatibility is turned off, and only one instance of the msiexec process can run at a time. If you disable or do not
m mode, you must enter a list of programs to use virtual IP addresses. List each program on a separate line (do not enter any blank lines be
nd saves his settings, any password that previously existed in the RDP file will be deleted. If you disable this setting or leave it not configur
p Connection and saves his settings, any password that previously existed in the RDP file will be deleted. If you disable this setting or leave
opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption. If you enable this policy setting, all commu
n client. By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connecti
during remote connections must use the security method specified in this setting. The following security methods are available: * Negotia
nable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. To de
etween a client and an RD Session Host server during RDP connections. If you enable this policy setting, you need to specify a certificate te
this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on
will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. You can enforce th
enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. Note: It i
reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost. If the status is se
low links, and reduce server load. If you enable this policy setting, the color depth that you specify is the maximum color depth allowed fo
enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can
. If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target com
. If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution
gh Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more inf
he connected administrator is logged off, any data not previously saved is lost. If you enable this policy setting, logging off the connected a
ve instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client lo
D Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Hos
ems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of da
ser account connecting to this RD Session Host server have an RDS Per User CAL. Per Device licensing mode requires that each device conn
sage telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer se
cy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box. If you disable or do not
on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog
n is complete. If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this
te user session. 2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent. 3. Ful
te user session. 2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent. 3. Ful
connected state, the user automatically reconnects to that session at the next logon. If you disable this policy setting, users are allowed to
otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting o
otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting o
default, administrators are able to make such changes. If you enable this policy setting the default security descriptors for existing groups
lt user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy. If you enable this policy setting, the
oose to place the directory on a network share, type the Home Dir Root Path in the form \\Computername\Sharename, and then select the
ntrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network
er Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use t
ize" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles. If you enable this policy setting, y
erver. By default, a license server issues an RDS CAL to any RD Session Host server that requests one. If you enable this policy setting and t
most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2
esktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also cho
ic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidt
RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone. By default, audio record
ter and the local computer. By default, Remote Desktop Services allows Clipboard redirection. If you enable this policy setting, users canno
Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. If you enable this policy setting, u
rver. You can use this policy setting to override this behavior. If you enable this policy setting, the default printer is the printer specified on
or any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the
or any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the
e format <driveletter> on <computername>. You can use this policy setting to override this behavior. If you enable this policy setting, clien
ktop Services allows LPT port redirection. If you enable this policy setting, users in a Remote Desktop Services session cannot redirect serv
moteFX USB devices. If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Us
esktop Services allows this client printer mapping. If you enable this policy setting, users cannot redirect print jobs from the remote compu
ote Desktop Services session. If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD S
g, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.
te the current session time (current session time = server base time + client time zone). If you disable or do not configure this policy settin
set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured co
r, the Remote Desktop Session Host role service must be installed on the server. If the policy setting is enabled, the RD Session Host server
the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. If you specify a
o the RD Connection Broker server. If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker se
ers in a load-balanced farm should use the same RD Connection Broker server. If you enable this policy setting, you must specify the RD Co
dle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally
dle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally
m a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state, running progra
m a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state, running progra
p Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minut
p Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minut
cally disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop S
cally disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop S
s a user's temporary folders when the user logs off. If you enable this policy setting, a user's per-session temporary folders are retained wh
ary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote compute
e client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to c
e client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to c
s certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, wh
horities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for exam
tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To
tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To
tials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user wi
The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. Warn me if authentic
lity to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest a
experience could be set to one of the following options: 1. Let the system choose the experience for the network condition 2. Optimize fo
use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwid
onfigure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. If you disab
he encoding option to “Always Attempt”, Remote Desktop will always try to use H.264/AVC hardware encoding when available, be aware th

leration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to inves
uch as applications that use Silverlight or Windows Presentation Foundation. If you enable this policy setting, you must select the visual ex
emoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. If you disable or do not c
rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-sid
ements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwi
R2 SP1 RemoteFX Codec.If you enable this policy setting, users' sessions on this server will only use the Windows Server 2008 R2 SP1 Remo
cument file types to be associated with RemoteApp programs. The default connection URL must be configured in the form of http://conto
me Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this se
either UDP or TCP (default)" If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UD
mpt to use both TCP and UDP protocols.
u disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter. If you do n
ure this policy setting, File Explorer displays only thumbnail images.
ders. If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
f you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
inter, and other touch-specific features. If you disable this setting, the user can produce input with touch, by using gestures, the touch poi
inter, and other touch-specific features. If you disable this setting, the user can produce input with touch, by using gestures, the touch poi
e to pan windows by touch. If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Pann
e to pan windows by touch. If you disable this setting, the user can pan windows by touch. If you do not configure this setting, Touch Pann
require TPM owner authorization without requiring the user to enter the TPM owner password. You can choose to have the operating syst
mber. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the co
licy or the local list. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm
or the default list. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting
s prevented from sending commands requiring authorization to the TPM. This setting helps administrators prevent the TPM hardware from
ed from sending commands to the Trusted Platform Module (TPM) that require authorization. This setting helps administrators prevent th
ers are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization. This setting helps administrat
fter Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenan
starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterpr
M will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The
ption is changed, it will only take effect when UE-V service is re-enabled.
aits to retrieve settings. If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used.
aits to retrieve settings. If you disable or do not configure this policy setting, the default value of 2000 milliseconds is used.
ed for your environment.
ed for your environment.
bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log. If you disable or d
bytes. When the settings package file exceeds this threshold the UE-V Agent will write a warning event to the event log. If you disable or d
zation behavior based on the templates in this location. Settings location templates added or updated since the last check are registered b
f Internet Explorer from synchronization between computers. If you enable this policy setting, the user settings which are common betwee
f Internet Explorer from synchronization between computers. If you enable this policy setting, the user settings which are common betwee
his policy setting, the Internet Explorer 8 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 8 user se
his policy setting, the Internet Explorer 8 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 8 user se
his policy setting, the Internet Explorer 9 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 9 user se
his policy setting, the Internet Explorer 9 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 9 user se
le this policy setting, the Internet Explorer 10 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 10 u
le this policy setting, the Internet Explorer 10 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 10 u
le this policy setting, the Internet Explorer 11 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 11 u
le this policy setting, the Internet Explorer 11 user settings continue to synchronize. If you disable this policy setting, Internet Explorer 11 u
ator user settings continue to synchronize. If you disable this policy setting, Calculator user settings are excluded from the synchronization
ator user settings continue to synchronize. If you disable this policy setting, Calculator user settings are excluded from the synchronization
user settings continue to synchronize. If you disable this policy setting, Notepad user settings are excluded from the synchronization setting
user settings continue to synchronize. If you disable this policy setting, Notepad user settings are excluded from the synchronization setting
d user settings continue to synchronize. If you disable this policy setting, WordPad user settings are excluded from the synchronization setti
d user settings continue to synchronize. If you disable this policy setting, WordPad user settings are excluded from the synchronization setti
vent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers.
vent the user settings which are common between the Microsoft Office Suite 2016 applications from synchronization between computers.
ou enable this policy setting, Microsoft Access 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Acces
ou enable this policy setting, Microsoft Access 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Acces
able this policy setting, Microsoft Excel 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Excel 2016 u
able this policy setting, Microsoft Excel 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Excel 2016 u
le this policy setting, Microsoft Lync 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Lync 2016 user
le this policy setting, Microsoft Lync 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Lync 2016 user
synchronization between computers. If you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synch
synchronization between computers. If you enable this policy setting, Microsoft Office 2016 Upload Center user settings continue to synch
omputers. If you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize. If you disable this policy setti
omputers. If you enable this policy setting, OneDrive for Business 2016 user settings continue to synchronize. If you disable this policy setti
rs. If you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize. If you disable this policy setting, Micros
rs. If you enable this policy setting, Microsoft OneNote 2016 user settings continue to synchronize. If you disable this policy setting, Micros
If you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft
If you enable this policy setting, Microsoft Outlook 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft
mputers. If you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize. If you disable this policy setti
mputers. If you enable this policy setting, Microsoft PowerPoint 2016 user settings continue to synchronize. If you disable this policy setti
ou enable this policy setting, Microsoft Project 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Proj
ou enable this policy setting, Microsoft Project 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Proj
ers. If you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize. If you disable this policy setting, Micro
ers. If you enable this policy setting, Microsoft Publisher 2016 user settings continue to synchronize. If you disable this policy setting, Micro
ble this policy setting, Microsoft Visio 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Visio 2016 us
ble this policy setting, Microsoft Visio 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Visio 2016 us
nable this policy setting, Microsoft Word 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Word 2016
nable this policy setting, Microsoft Word 2016 user settings continue to synchronize. If you disable this policy setting, Microsoft Word 2016
y setting to suppress the backup of specific common Microsoft Office Suite 2016 applications. If you enable this policy setting, certain user
y setting to suppress the backup of specific common Microsoft Office Suite 2016 applications. If you enable this policy setting, certain user
policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up. If you disable this policy setting, certain user s
policy setting, certain user settings of Microsoft Access 2016 will continue to be backed up. If you disable this policy setting, certain user s
y setting, certain user settings of Microsoft Excel 2016 will continue to be backed up. If you disable this policy setting, certain user settings
y setting, certain user settings of Microsoft Excel 2016 will continue to be backed up. If you disable this policy setting, certain user settings
setting, certain user settings of Microsoft Lync 2016 will continue to be backed up. If you disable this policy setting, certain user settings of
setting, certain user settings of Microsoft Lync 2016 will continue to be backed up. If you disable this policy setting, certain user settings of
ble this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up. If you disable this policy setting, cert
ble this policy setting, certain user settings of Microsoft OneNote 2016 will continue to be backed up. If you disable this policy setting, cert
this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up. If you disable this policy setting, certain u
this policy setting, certain user settings of Microsoft Outlook 2016 will continue to be backed up. If you disable this policy setting, certain u
ou enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up. If you disable this policy se
ou enable this policy setting, certain user settings of Microsoft PowerPoint 2016 will continue to be backed up. If you disable this policy se
s policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up. If you disable this policy setting, certain user
s policy setting, certain user settings of Microsoft Project 2016 will continue to be backed up. If you disable this policy setting, certain user
able this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up. If you disable this policy setting, cer
able this policy setting, certain user settings of Microsoft Publisher 2016 will continue to be backed up. If you disable this policy setting, cer
y setting, certain user settings of Microsoft Visio 2016 will continue to be backed up. If you disable this policy setting, certain user settings o
y setting, certain user settings of Microsoft Visio 2016 will continue to be backed up. If you disable this policy setting, certain user settings o
icy setting, certain user settings of Microsoft Word 2016 will continue to be backed up. If you disable this policy setting, certain user settin
icy setting, certain user settings of Microsoft Word 2016 will continue to be backed up. If you disable this policy setting, certain user settin
ttings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V
ttings which are common between the Microsoft Office Suite 2016 applications will synchronize between a user’s work computers with UE-V
016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microso
016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microso
6 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft O
6 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft O
will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Offi
will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Offi
ote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Mic
ote 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Mic
k 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Micro
k 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Micro
werPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings o
werPoint 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings o
2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microso
2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microso
sher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Mi
sher 2016 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Mi
will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft O
will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft O
16 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft
16 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft
vent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers.
vent the user settings which are common between the Microsoft Office Suite 2013 applications from synchronization between computers.
ou enable this policy setting, Microsoft Access 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Acces
ou enable this policy setting, Microsoft Access 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Acces
able this policy setting, Microsoft Excel 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Excel 2013 u
able this policy setting, Microsoft Excel 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Excel 2013 u
If you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft
If you enable this policy setting, Microsoft InfoPath 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft
le this policy setting, Microsoft Lync 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Lync 2013 user
le this policy setting, Microsoft Lync 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Lync 2013 user
synchronization between computers. If you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synch
synchronization between computers. If you enable this policy setting, Microsoft Office 2013 Upload Center user settings continue to synch
omputers. If you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize. If you disable this policy setti
omputers. If you enable this policy setting, OneDrive for Business 2013 user settings continue to synchronize. If you disable this policy setti
rs. If you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize. If you disable this policy setting, Micros
rs. If you enable this policy setting, Microsoft OneNote 2013 user settings continue to synchronize. If you disable this policy setting, Micros
If you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft
If you enable this policy setting, Microsoft Outlook 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft
mputers. If you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize. If you disable this policy setti
mputers. If you enable this policy setting, Microsoft PowerPoint 2013 user settings continue to synchronize. If you disable this policy setti
ou enable this policy setting, Microsoft Project 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Proj
ou enable this policy setting, Microsoft Project 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Proj
ers. If you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize. If you disable this policy setting, Micro
ers. If you enable this policy setting, Microsoft Publisher 2013 user settings continue to synchronize. If you disable this policy setting, Micro
ynchronization between computers. If you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchro
ynchronization between computers. If you enable this policy setting, Microsoft SharePoint Designer 2013 user settings continue to synchro
ble this policy setting, Microsoft Visio 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Visio 2013 us
ble this policy setting, Microsoft Visio 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Visio 2013 us
nable this policy setting, Microsoft Word 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Word 2013
nable this policy setting, Microsoft Word 2013 user settings continue to synchronize. If you disable this policy setting, Microsoft Word 2013
y setting to suppress the backup of specific common Microsoft Office Suite 2013 applications. If you enable this policy setting, certain user
y setting to suppress the backup of specific common Microsoft Office Suite 2013 applications. If you enable this policy setting, certain user
policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up. If you disable this policy setting, certain user s
policy setting, certain user settings of Microsoft Access 2013 will continue to be backed up. If you disable this policy setting, certain user s
y setting, certain user settings of Microsoft Excel 2013 will continue to be backed up. If you disable this policy setting, certain user settings
y setting, certain user settings of Microsoft Excel 2013 will continue to be backed up. If you disable this policy setting, certain user settings
e this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up. If you disable this policy setting, certain
e this policy setting, certain user settings of Microsoft InfoPath 2013 will continue to be backed up. If you disable this policy setting, certain
setting, certain user settings of Microsoft Lync 2013 will continue to be backed up. If you disable this policy setting, certain user settings of
setting, certain user settings of Microsoft Lync 2013 will continue to be backed up. If you disable this policy setting, certain user settings of
ble this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up. If you disable this policy setting, cert
ble this policy setting, certain user settings of Microsoft OneNote 2013 will continue to be backed up. If you disable this policy setting, cert
this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up. If you disable this policy setting, certain u
this policy setting, certain user settings of Microsoft Outlook 2013 will continue to be backed up. If you disable this policy setting, certain u
ou enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up. If you disable this policy se
ou enable this policy setting, certain user settings of Microsoft PowerPoint 2013 will continue to be backed up. If you disable this policy se
s policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up. If you disable this policy setting, certain user
s policy setting, certain user settings of Microsoft Project 2013 will continue to be backed up. If you disable this policy setting, certain user
able this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up. If you disable this policy setting, cer
able this policy setting, certain user settings of Microsoft Publisher 2013 will continue to be backed up. If you disable this policy setting, cer
esigner 2013 settings. If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be bac
esigner 2013 settings. If you enable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will continue to be bac
y setting, certain user settings of Microsoft Visio 2013 will continue to be backed up. If you disable this policy setting, certain user settings o
y setting, certain user settings of Microsoft Visio 2013 will continue to be backed up. If you disable this policy setting, certain user settings o
icy setting, certain user settings of Microsoft Word 2013 will continue to be backed up. If you disable this policy setting, certain user settin
icy setting, certain user settings of Microsoft Word 2013 will continue to be backed up. If you disable this policy setting, certain user settin
ttings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V
ttings which are common between the Microsoft Office Suite 2013 applications will synchronize between a user’s work computers with UE-V
013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microso
013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microso
3 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft O
3 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft O
th 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Micr
th 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Micr
will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Offi
will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft Offi
ote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Mic
ote 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Mic
k 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Micro
k 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Micro
werPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings o
werPoint 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings o
2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microso
2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microso
sher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Mi
sher 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Mi
e 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent t
e 365 SharePoint Designer 2013 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent t
will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft O
will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft O
13 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft
13 will synchronize between a user’s work computers with UE-V by default. Use this policy setting to prevent the user settings of Microsoft
vent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.
vent the user settings which are common between the Microsoft Office Suite 2010 applications from synchronization between computers.
ou enable this policy setting, Microsoft Access 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Acces
ou enable this policy setting, Microsoft Access 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Acces
able this policy setting, Microsoft Excel 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Excel 2010 u
able this policy setting, Microsoft Excel 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Excel 2010 u
If you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft
If you enable this policy setting, Microsoft InfoPath 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft
rs. If you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize. If you disable this policy setting, Micros
rs. If you enable this policy setting, Microsoft OneNote 2010 user settings continue to synchronize. If you disable this policy setting, Micros
le this policy setting, Microsoft Lync 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Lync 2010 user
le this policy setting, Microsoft Lync 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Lync 2010 user
If you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft
If you enable this policy setting, Microsoft Outlook 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft
mputers. If you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize. If you disable this policy setti
mputers. If you enable this policy setting, Microsoft PowerPoint 2010 user settings continue to synchronize. If you disable this policy setti
ou enable this policy setting, Microsoft Project 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Proj
ou enable this policy setting, Microsoft Project 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Proj
ers. If you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize. If you disable this policy setting, Micro
ers. If you enable this policy setting, Microsoft Publisher 2010 user settings continue to synchronize. If you disable this policy setting, Micro
from synchronization between computers. If you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to
from synchronization between computers. If you enable this policy setting, Microsoft SharePoint Workspace 2010 user settings continue to
ynchronization between computers. If you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchro
ynchronization between computers. If you enable this policy setting, Microsoft SharePoint Designer 2010 user settings continue to synchro
nable this policy setting, Microsoft Word 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Word 2010
nable this policy setting, Microsoft Word 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Word 2010
ble this policy setting, Microsoft Visio 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Visio 2010 us
ble this policy setting, Microsoft Visio 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft Visio 2010 us
ttings continue to sync. If you disable this policy setting, Finance user settings are excluded from synchronization. If you do not configure th
ttings continue to sync. If you disable this policy setting, Finance user settings are excluded from synchronization. If you do not configure th
tinue to sync. If you disable this policy setting, Maps user settings are excluded from synchronization. If you do not configure this policy setti
tinue to sync. If you disable this policy setting, Maps user settings are excluded from synchronization. If you do not configure this policy setti
tinue to sync. If you disable this policy setting, News user settings are excluded from synchronization. If you do not configure this policy setti
tinue to sync. If you disable this policy setting, News user settings are excluded from synchronization. If you do not configure this policy setti
ontinue to sync. If you disable this policy setting, Sports user settings are excluded from synchronization. If you do not configure this polic
ontinue to sync. If you disable this policy setting, Sports user settings are excluded from synchronization. If you do not configure this polic
ntinue to sync. If you disable this policy setting, Travel user settings are excluded from synchronization. If you do not configure this policy s
ntinue to sync. If you disable this policy setting, Travel user settings are excluded from synchronization. If you do not configure this policy s
settings continue to sync. If you disable this policy setting, Weather user settings are excluded from synchronization. If you do not configu
settings continue to sync. If you disable this policy setting, Weather user settings are excluded from synchronization. If you do not configu
s continue to sync. If you disable this policy setting, Reader user settings are excluded from the synchronization. If you do not configure th
s continue to sync. If you disable this policy setting, Reader user settings are excluded from the synchronization. If you do not configure th
s continue to sync. If you disable this policy setting, Games user settings are excluded from synchronization. If you do not configure this po
s continue to sync. If you disable this policy setting, Games user settings are excluded from synchronization. If you do not configure this po
ntinue to sync. If you disable this policy setting, Music user settings are excluded from the synchronizing settings. If you do not configure t
ntinue to sync. If you disable this policy setting, Music user settings are excluded from the synchronizing settings. If you do not configure t
tinue to sync. If you disable this policy setting, Video user settings are excluded from synchronization. If you do not configure this policy se
tinue to sync. If you disable this policy setting, Video user settings are excluded from synchronization. If you do not configure this policy se
to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign
to specify which Windows settings synchronize between computers. You can also use these settings to enable synchronization of users' sign
e location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the s
e location. This is the default value. You can disable the sync provider on computers that never go offline and are always connected to the s
the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. Enable this settin
the rollback information is copied to the settings storage location when the user logs off or shuts down their VDI session. Enable this settin
ot synchronize settings for Windows apps. If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps. If y
ot synchronize settings for Windows apps. If you disable this policy setting, the UE-V Agent will synchronize settings for Windows apps. If y
ing the icon and selecting Open or by double-clicking the icon. When this group policy setting is enabled, the UE-V tray icon is visible, the U
their work computers. With this setting enabled, the notification appears the first time that the UE-V Agent runs. With this setting disable
tting enabled, the settings of all Windows apps not expressly disable in the Windows App List are synchronized. With this setting disabled,
ider doesn’t attempt the synchronization. If you enable this policy setting, the sync provider pings the settings storage location before sync
ider doesn’t attempt the synchronization. If you enable this policy setting, the sync provider pings the settings storage location before sync
ection. With this setting disabled, the UE-V Agent does not synchronize settings over a metered connection. If you do not configure this po
ection. With this setting disabled, the UE-V Agent does not synchronize settings over a metered connection. If you do not configure this po
nnection that is roaming. With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming. With
nnection that is roaming. With this setting enabled, the UE-V Agent synchronizes settings over a metered connection that is roaming. With
IT Contact link. If you do not configure this policy setting, any defined values will be deleted.
Settings Center does not display an IT Contact link. If you do not configure this policy setting, any defined values will be deleted.
essional and Windows 2000 Professional operating systems, the default file permissions for the newly generated profile are full control, or
000 Professional pre-SP4 and Windows XP pre-SP1 operating systems, the default file permissions for the newly generated profile are full co
n the local computer to a local or remote directory. If you enable this policy setting, the system uses the Windows NT 4.0 definitions. %HOM
e hard drive of the computer they are using in case the server that stores the roaming profile is unavailable when the user logs on again. Th
omputer how to respond. If you enable this policy setting, the system does not detect slow connections or recognize any connections as be
w link with their roaming profile server is detected. In operating systems earlier than Microsoft Windows Vista, a dialog box will be shown t
clude the narrowest set of data that will address your needs. For example, if there is one application with data that should not be roamed t
d data, and the like) when their profile is deleted. As a result, the next time a roaming user whose profile was previously deleted on that cl
rofiles. If you enable this policy setting, you can: -- Set a maximum permitted user profile size. -- Determine whether the registry files are
e local profile. Similarly, when the user logs off this computer, the local copy of their profile, including any changes they have made, is mer
nnection between the user's computer and the server that stores users' roaming user profiles. -- The system cannot access users' server-b
this behavior, preventing Windows from loggin on the user with a temporary profile. If you enable this policy setting, Windows will not lo
might not match. When a user logs off of the computer, the system unloads the user-specific section of the registry (HKEY_CURRENT_USER
the past, the roaming profile is merged with the local profile. Similarly, when the user logs off the computer, the local copy of their profile,
ettings in this folder together define the system's response when roaming user profiles are slow to load. If you enable this policy setting, th
tion and data transfer, the network's latency and connection speed are determined. This policy setting and related policy settings in this fo
omatically delete on the next system restart all user profiles on the computer that have not been used within the specified number of days.
line. If you enable this policy setting, the network paths specified in this policy setting will be synchronized only by Offline Files during use
havior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user
h a wireless network. Note: Windows doesn't wait for the network if the physical network connection is not available on the computer (if t
\\Computername\Sharename\%USERNAME% to give each user an individual profile folder. If not specified, all users logging onto this com
s policy setting does not stop the roaming user profile's registry file from being uploaded at user logoff. If "Run at set interval" is chosen, th
l not be able to change this setting and the user's name and account picture will be shared with apps (not desktop apps). In addition apps
apps can use the advertising ID for experiences across apps.
as on a meeting room computer or on a computer in a remote office. To designate a user's primary computers, an administrator must use
tting, in the Location list, choose the location for the home folder. If you choose “On the network,” enter the path to a file share in the Path
y applicable to computers running Windows Server 2008 or Windows Vista. If you enable this policy setting, BitLocker recovery information
ery options can be used to unlock BitLocker-encrypted data in the absence of the required startup key information. The user either can typ
you can specify the path that will be used as the default folder location when the user chooses the option to save the recovery password in
ve Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only ap
ve Encryption Deployment Guide on Microsoft TechNet for more information about the encryption methods available. This policy is only ap
setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and rem
policy setting, memory will not be overwritten when the computer restarts. Preventing memory overwrite may improve restart performanc
hot plug PCI ports with no children devices, until the user logs in again. Devices which were already enumerated when the machine was u
ayed in the pre-boot key recovery screen. If you have previously configured a custom recovery message or URL and want to revert to the de
this policy setting, all new BitLocker startup PINs set will be enhanced PINs. Note: Not all computers may support enhanced PINs in the p
password. For the complexity requirement setting to be effective the Group Policy setting "Password must meet complexity requirements"
tting, platform validation data will not be refreshed when Windows is started following BitLocker recovery. If you do not configure this pol
hange BitLocker PINs or passwords. If you disable or do not configure this policy setting, standard users will be permitted to change BitLock
cted drives. This identifier is automatically added to new BitLocker-protected drives and can be updated on existing BitLocker-protected dri
y be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the objec
rofile similar to the default BCD profile used by Windows 7. If you do not configure this policy setting, the computer will verify the default
a data recovery agent can be used with BitLocker-protected operating system drives. Before a data recovery agent can be used it must be a
entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive use
rs running Windows Server 2008 or Windows Vista. On a computer with a compatible Trusted Platform Module (TPM), two authentication
authentication options can be required at startup, otherwise a policy error occurs. If you want to use BitLocker on a computer without a T
ted. If you enable this policy, clients configured with a BitLocker Network Unlock certificate will be able to create and use Network Key Pro
u enable this policy setting before turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking
ortant: This group policy only applies to computers with BIOS configurations or to computers with UEFI firmware with a Compatibility Servic
ortant: This group policy only applies to computers with a native UEFI firmware configuration. Computers with BIOS or UEFI firmware with a
ou can require a minimum number of digits to be used when setting the startup PIN. If you disable or do not configure this policy setting, u
ading or writing of data to the drive. If you enable this policy setting, you can specify additional options that control whether BitLocker soft
dditional information such as a PIN or Password. If you enable this policy setting, devices must have an alternative means of pre-boot inpu
al authentication at startup" policy on compliant hardware. If you enable this policy setting, users on InstantGo and HSTI compliant devices
provides more flexibility for managing pre-boot configuration than legacy BitLocker integrity checks. If you enable or do not configure this
th BitLocker-protected fixed data drives. Before a data recovery agent can be used it must be added from the Public Key Policies item in eit
he complexity requirement setting to be effective the Group Policy setting "Password must meet complexity requirements" located in Comp
and write access. If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and
tting is enabled or not configured, fixed data drives formatted with the FAT file system can be unlocked on computers running Windows Serv
y selecting the "Require use of smart cards on fixed data drives" check box. Note: These settings are enforced when turning on BitLocker,
entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive use
writing of data to the drive. If you enable this policy setting, you can specify additional options that control whether BitLocker software-b
ed with BitLocker-protected removable data drives. Before a data recovery agent can be used it must be added from the Public Key Policie
ovable data drives" to permit the user to run the BitLocker setup wizard on a removable data drive. Choose "Allow users to suspend and d
o be effective the Group Policy setting "Password must meet complexity requirements" located in Computer Configuration\Windows Setting
mounted with read and write access. If the "Deny write access to devices configured in another organization" option is selected, only drive
y setting is enabled or not configured, removable data drives formatted with the FAT file system can be unlocked on computers running W
by selecting the "Require use of smart cards on removable data drives" check box. Note: These settings are enforced when turning on Bit
entire drive be encrypted when BitLocker is turned on. Choose used space only encryption to require that only the portion of the drive use
ding or writing of data to the drive. If you enable this policy setting, you can specify additional options that control whether BitLocker softw
e locally configured settings values. For more details on individual parameters, combinations of parameter values as well as definitions of fl
owing parameters. NtpServer The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dn
g, you can set the local computer clock to synchronize time with NTP servers. If you disable or do not configure this policy setting, the loca
ests from other computers.
tic connection attempts - When the computer is already connected to a domain based network, all automatic connection attempts to non-
the Internet, a new automatic connection attempt to the Internet is blocked. When the computer has at least one active connection to a W
e provider network. If this policy setting is not configured or is disabled, clients are allowed to connect to roaming provider Mobile Broad
policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.
mit is reached. If you disable or do not configure this policy setting, the DPS deletes scenario data once it exceeds 128 megabytes in size. N
their root causes. These root causes will be logged to the event log when detected, but no corrective action will be taken. If you select de
will be turned on. The default is for Windows Calendar to be turned on.
will be turned on. The default is for Windows Calendar to be turned on.

d up.If you disable or do not configure this policy setting, backups can include both system or data volumes.
figure this policy setting, there is no restriction on locally attached storage or disk being backup target.
there is no restriction on network share being backup target.
g, there is no restriction on optical media being backup target.
there is no restriction on running run-once backups.
an uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
an uninstall color profiles that they previously installed. Administrators will be able to uninstall all color profiles.
are disabled. If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or a
are disabled. If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or a
onal options are available to allow discovery and configuration over a specific medium. If you enable this policy setting, additional choices
his can impact machine performance in some scenarios. Not configured: Same as Disabled.
timalware service will load as a low priority task.
ntivirus runs and computers are scanned for malware and other potentially unwanted software.
gs configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, Group policy Settings will o
ble this policy setting, Windows Defender Antivirus does not automatically take action on the detected threats, but prompts users to choos
ot configure this setting, the proxy server will not be bypassed for the specified addresses.
roxy server (if specified) 2. Proxy .pac URL (if specified) 3. None 4. Internet Explorer proxy settings 5. Autodetect If you enable this setting
ver (if specified) 2. Proxy .pac URL (if specified) 3. None 4. Internet Explorer proxy settings 5. Autodetect If you enable this setting, the pr
est virtual machines from undertaking a disk-intensive operation at the same time. If you enable or do not configure this setting, schedule
virus and antispyware definitions are disabled. If you disable or do not configure this setting, the antimalware service will be stopped when
extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0.
tion of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directo
a name value pair, where the name should be a string representation of the path to the process image. Note that only executables can be

e exploit detected by a definition, then that definition is "retired". If all definitions for a given protocal are retired then that protocol is no lo
he definition set GUID to enable test definitions is defined as: “{b54b6ac9-a737-498e-9120-6616ad3bf590}”. The value is not used and it is
le or do not configure this setting, Group Policy will take priority over the local preference setting.
antine folder indefinitely and will not be automatically removed.

mpt users to take actions on malware detections. If you disable or do not configure this policy setting, Windows Defender Antivirus will pro
If you disable this setting, a process scan will not be initiated when real-time protection is turned on.

er the local preference setting.


tting, Group Policy will take priority over the local preference setting.
up Policy will take priority over the local preference setting.
ority over the local preference setting.
up Policy will take priority over the local preference setting.
scan direction. The appropriate configuration should be evaluated based on the server role. Note that this configuration is only honored f
setting, Group Policy will take priority over the local preference setting.
Sunday (0x2) Monday (0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never (default) If you enable th
he computer where the scan is executing. If you enable this setting, a scheduled full scan to complete remediation will run at the time of d

ced notifications will not display on clients.

not configure this setting, archive files will be scanned to the default directory depth level.
e specified will be scanned. If you disable or do not configure this setting, archive files will be scanned according to the default value.
his setting, CPU utilization will not exceed the percentage specified. If you disable or do not configure this setting, CPU utilization will not e
able this setting, a check for new definitions will occur before running a scan. If you disable this setting or do not configure this setting, the

tch-up scans for scheduled full scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is star
catch-up scans for scheduled quick scans will be turned on. If a computer is offline for two consecutive scheduled scans, a catch-up scan is
dbx, mbx, mime (Outlook Express), binhex (Mac). If you enable this setting, e-mail scanning will be enabled. If you disable or do not config
heuristics will be enabled. If you disable this setting, heuristics will be disabled.

not configure this setting, removable drives will not be scanned during a full scan. Removable drives may still be scanned during quick scan
and this is the recommended state for this functionality. If you enable this setting, reparse point scanning will be enabled. If you disable o

roup Policy will take priority over the local preference setting.
olicy will take priority over the local preference setting.
the local preference setting.
ty over the local preference setting.
er the local preference setting.
to 30 days. If you enable this setting, items will be removed from the scan history folder after the number of days specified. If you disable
you enable this setting, a quick scan will run at the interval specified. If you disable or do not configure this setting, a quick scan will run a

(0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never (default) If you enable this setting, a scheduled scan will run at
d on local time on the computer where the scan is executing. If you enable this setting, a daily quick scan will run at the time of day specifi
on local time on the computer where the scan is executing. If you enable this setting, a scheduled scan will run at the time of day specifie
ve missed scheduled scans. If you disable or do not configure this setting, a catch-up scan will occur after the 2 consecutive missed schedu
on in the user interface. By default, this value is set to 14 days. If you enable this setting, spyware definitions will be considered out of date
n the user interface. By default, this value is set to 14 days. If you enable this setting, virus definitions will be considered out of date after t
st is empty by default. If you enable this setting, the specified sources will be contacted for definition updates. Once definition updates hav

s running on battery power.


ill not be initiated on startup when there is no antimalware engine present.
pdateServer”, “MMPC”, and “FileShares” For example: { InternalDefinitionUpdateServer | MicrosoftUpdateServer | MMPC } If you enable
u disable or do not configure this setting, definition updates will be downloaded from the configured download source.
finitions for that threat immediately. You must have configured your computer to join Microsoft MAPS for this functionality to work. If you
0x3) Tuesday (0x4) Wednesday (0x5) Thursday (0x6) Friday (0x7) Saturday (0x8) Never If you enable this setting, the check for definition
es before the scheduled scan time. The schedule is based on local time on the computer where the check is occurring. If you enable this se
r computer to join Microsoft MAPS for this functionality to work. If you enable this setting or do not configure, the antimalware service wil
ng, a catch-up definition update will be required after the default number of days.
nterval specified. If you disable or do not configure this setting, checks for definition updates will occur at the default interval.
nitions will not occur after service startup.
urned on. Disabled – The Block at First Sight setting is turned off. This feature requires these Group Policy settings to be set as follows: M
er the local preference setting.
ed software. Additional information helps Microsoft create new definitions and help it to protect your computer. This information can inclu

n ID for the remediation action that should be taken. Valid remediation action values are: 2 = Quarantine 3 = Remove 6 = Ignore
ID for the remediation action that should be taken. Valid threat alert levels are: 1 = Low 2 = Medium 4 = High 5 = Severe Valid remediati

of 1024 characters. Longer strings will be truncated before display. If you enable this setting, the additional text specified will be displayed.
and scan with less frequency. For more information about specific values that are supported, see the Windows Defender Antivirus docum
For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, a
ck: Users and applications will not be able to access dangerous domains -Audit Mode: Users and applications can connect to dangerous do
cations that would normally be considered ""untrusted"" if the setting was Enabled will still be able to modify or delete files in protected fo
ed) - Off: the rule will not be applied Enabled: Specify the state for each ASR rule under the Options section for this setting. Enter each ru
For example, ""C:\Windows"" will exclude all files in that directory. ""C:\Windows\App.exe"" will exclude only that specific file in that spec
ng to add additional applications. Enabled: Specify additional allowed applications in the Options section.. Disabled: No additional applic
olders that are protected is shown in the Windows Defender Security Center. Enabled: Specify additional folders that should be protected

ed: Same as Disabled.

tifications, such as regular PC or device health information. Disabled: Local users will see all types of notifications from the Windows Defe
ct company name GP setting and at least one of the following GP settings: -Specify contact phone number or Skype ID -Specify contact em
fy contact company name GP setting and at least one of the following GP settings: -Specify contact phone number or Skype ID -Specify co
in either the Windows Defender Security Center or any notifications that it creates. Not configured: Same as Disabled.
n the Options section. Disabled: A contact phone number or Skype ID will not be shown in either the Windows Defender Security Center o
ddress or email ID in the Options section. Disabled: A contact email address or email ID will not be shown in either the Windows Defende
ill not be shown in either the Windows Defender Security Center or any notifications it creates. Not configured: Same as Disabled.
o developers of Windows programs. If you enable this policy setting, the Back button is removed from the standard Open dialog box. If yo
e a file name in the text box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so
box provided to developers of Windows programs. To see an example of the standard Open dialog box, start Wordpad and, on the File me
folders -- (\\server\share) 3) FTP folders 4) web folders 5) Common Shell folders. The list of Common Shell Folders that may be specified
Windows NT 4.0, and users cannot restore the new features. Enabling this policy will also turn off the preview pane and set the folder optio
vior of not displaying a confirmation dialog occurs.
ere is an entry in at least one of the following locations in registry. For shell extensions that have been approved by the administrator and a
n the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different comp
mber of shortcuts specified by the policy setting. If you disable or do not configure this policy setting, by default, the system displays short
rn, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone.
not configure this policy setting, users are able to use the File Explorer CD burning features. Note: This policy setting does not prevent user
be toggled by users. Effects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to so
erlines, are designed to enhance the user's experience but might be confusing or distracting to some users.
ange the properties of the DFS shares available from their computer. This policy setting does not prevent users from using other methods
you enable this policy setting, select a drive or combination of drives in the drop-down list. Note: This policy setting removes the drive icon
e browser associated with the Map Network Drive option. This setting does not prevent users from viewing or connecting to computers in

users will receive an error message if they tap or click the Options button or choose the Change folder and search options command, and t
annot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems wit
s Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools. This setti
tting, you can choose not to have these items displayed. If you enable this policy setting, the Shared Documents folder is not displayed in t
hat appear when you right-click the File Explorer or Network Locations icons. This setting does not prevent users from connecting to anoth
ted. If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recyele Bin.
ers who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as
list of all users that have access to the resource in question. If you disable or do not configure this setting, users will be able to access the s
rk Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, su
ods to issue commands available on the shortcut menus.
ox or the Map Network Drive dialog box to view the directories on these drives. To use this setting, select a drive or combination of drives
otkeys. If you enable this setting, the Windows Key hotkeys are unavailable. If you disable or do not configure this setting, the Windows Ke
ork Locations. This policy setting also removes these icons from the Map Network Drive browser. If you disable or do not configure this pol
gure it, this dialog box appears only when users are installing programs from local media. The "Install Program as Other User" dialog box p
sk space used by the Recycle Bin. Note: This setting is applied to all volumes.
d set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this
d set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this
fault browser with the search terms. If you do not configure this policy (default), there will be an "Internet" link when the user performs a
nternet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in Ope
specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for th
order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the targ
nly blocks the creation of the folder. You can specify a known folder using its known folder id or using its canonical name. For example, the

s policy will: * Disable all Arrangement views except for "By Folder" * Disable all Search filter suggestions other than "Date Modified" and
you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box ent
s access to user-defined properties, and properties stored in NTFS secondary streams.
s access to user-defined properties, and properties stored in NTFS secondary streams.
e Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
e Explorer will sort file names by increasing number value (for example, 3 < 22 < 111).
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
al files. If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. If you disable this po
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-sp
rom the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined
rom the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined
ed from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. Som
ey want lock to show through the Power Options Control Panel.
u do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Pan
s menu. If you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power O
user if a new application has been installed that can handle the file type or protocol association that was invoked.
t configure this policy setting, users can choose how the ribbon appears when they open new windows.
t configure this policy setting, users can choose how the ribbon appears when they open new windows.
n, refer to the DISM documentation on TechNet. If this group policy is enabled and the client machine is domain-joined, the file will be pro
from being displayed. Note: Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks.
%Systemroot%\System32\Dllcache directory. Note: Do not put the cache on a network shared directory.
ant Windows XP files to the cache until the cache size reaches the quota. If you enable this policy setting, enter the maximum amount of d
t Windows File Protection to scan files more often. -- "Do not scan during startup," the default, scans files only during setup. -- "Scan dur
n progress window appears.
ewall does not block its unsolicited messages. This policy setting overrides other policy settings that would block those messages. If you dis
g, you can view and change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabl
you enable this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local program
able this policy setting, Windows Defender Firewall does not run. This is the only way to ensure that Windows Defender Firewall does not r
oming connections" check box is selected and administrators cannot clear it. You should also enable the "Windows Defender Firewall: Prot
u must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Defender Firewall componen
sage type, Windows Defender Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbo
ain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) a
his policy setting, Windows Defender Firewall allows the display of these notifications. In the Windows Defender Firewall component of Co
ng, you can view and change the inbound port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy se
this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local port exceptions list.
remote procedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on Windows XP Professional with at least SP
subnets from which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the "Remote De
rs. If you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Wi
hat this computer can receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages
g, you can view and change the program exceptions list defined by Group Policy. If you add a program to this list and set its status to Enabl
you enable this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local program
able this policy setting, Windows Defender Firewall does not run. This is the only way to ensure that Windows Defender Firewall does not r
oming connections" check box is selected and administrators cannot clear it. You should also enable the "Windows Defender Firewall: Prot
u must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Defender Firewall componen
sage type, Windows Defender Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbo
ain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) a
his policy setting, Windows Defender Firewall allows the display of these notifications. In the Windows Defender Firewall component of Co
ng, you can view and change the inbound port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy se
this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local port exceptions list.
remote procedure calls (RPC) and Distributed Component Object Model (DCOM). Additionally, on Windows XP Professional with at least SP
subnets from which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the "Remote De
rs. If you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Wi
hat this computer can receive Plug and Play messages. You must specify the IP addresses or subnets from which these incoming messages

censes for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content tha
allow users to select privacy, file types, and other desktop options from being displayed when the Player is first started. Some of the option
e whether the anchor window displays is not available. If you disable or do not configure this policy setting, users can show or hide the an
n the Player is cleared and is not available. If you disable this policy setting, video smoothing occurs if necessary, and the Use Video Smoo
ia information for CDs and DVDs from the Internet check box on the Privacy Options tab in the first use dialog box and on the Privacy tab in
disabled from Windows Media Player or from programs that depend on the Player's media sharing feature. If you disable or do not configu
. In addition, the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box in the fi
he shortcut for the Player to the Quick Launch bar.
policy is configured are not be updated, and presets a user adds are not be displayed. If you disable or do not configure this policy setting
rtcut icon to their desktops.
k check box on the Player tab in the Player is selected and is not available. If you disable this policy setting, a screen saver does not interrup
ailable. If you disable this policy setting, codecs are automatically downloaded and the Download codecs automatically check box is not av
When this policy is not configured or disabled, users can show or hide the anchor window when the Player is in skin mode by using the Pla
en, unless the "Prevent music file media information retrieval" policy setting is enabled. The default privacy settings are used for the option
orer unless these settings have been hidden or disabled by Internet Explorer policies. If you disable or do not configure this policy setting, u
me.wmz), and the skin must be installed in the %programfiles%\Windows Media Player\Skins Folder on a user's computer. If the skin is not
r's proxy settings are used. If the Custom proxy type is selected, the rest of the options on the Setting tab must be specified because no de
the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetec
the rest of the options on the Setting tab must be specified; otherwise, the default settings are used. The options are ignored if Autodetect
e Network tab appears and users can use it to configure network settings.
p to 60, that streaming media is buffered. - Default: default network buffering is used and the number of seconds that is specified is ignore
a stream initiated through an MMS or RTSP URL from a Windows Media server. If the RSTP/UDP check box is selected, a user can specify U
ote: This policy setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from t
ote: This policy setting simply prevents Windows Messenger from running initially. If the user invokes and uses Windows Messenger from t
se Windows Messenger. Note: This policy setting is available under both Computer Configuration and User Configuration. If both are prese
se Windows Messenger. Note: This policy setting is available under both Computer Configuration and User Configuration. If both are prese
ork as clear text. If you disable or do not configure this policy setting, the WinRM client does not use Basic authentication.
figure this policy setting, the WinRM client sends or receives only encrypted messages over the network.

otiate authentication.
WinRM client is using the Negotiate authentication and Kerberos is selected. If you disable or do not configure this policy setting, the WinR
P authentication.
f the destination host is a trusted entity. The WinRM client uses this list when neither HTTPS nor Kerberos are used to authenticate the iden
s on the HTTP transport over the default HTTP port. To allow WinRM service to receive requests over the network, configure the Windows
pears. When certain port 80 listeners are migrated to WinRM 2.0, the listener port number changes to 5985. A listener might be automati
r appears. When certain port 443 listeners are migrated to WinRM 2.0, the listener port number changes to 5986. A listener might be auto
tting, the WinRM service does not accept Basic authentication from a remote client.
nfigure this policy setting, the WinRM client sends or receives only encrypted messages over the network.
plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will b
gure this policy setting, the WinRM service accepts Negotiate authentication from a remote client.
setting, the WinRM service accepts Kerberos authentication from a remote client.
olicy setting, the WinRM service does not accept CredSSP authentication from a remote client.
based on a supplied channel binding token. If you disable or do not configure this policy setting, you can configure the hardening level loc

rver will wait for the specified amount of time since the last received message from the client before terminating the open shell. If you do
t configure this policy setting, the default number is five users.
s only limited by the available virtual memory. If you enable this policy setting, the remote operation is terminated when a new allocation
ot configure this policy setting, the limit is five processes per shell.

eeds the specified limit. If you disable or do not configure this policy setting, by default the limit is set to two remote shells per user.

the automatic download and installation of app updates is determined by a registry setting that the user can change using Settings in the W
load of app updates is determined by a registry setting that the user can change using Settings in the Windows Store.

cess the retail catalog in the Windows Store app.


cess the retail catalog in the Windows Store app.
oaded components are ready to be installed, or prior to downloading, depending on their configuration. If you enable this setting, it prohib
e for installation when the user selects the Shut Down option in the Start menu. If you disable or do not configure this policy setting, the 'In
e for installation when the user selects the Shut Down option in the Start menu. If you disable or do not configure this policy setting, the 'In
alog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.
alog box, regardless of whether the 'Install Updates and Shut Down' option is available in the 'What do you want the computer to do?' list.
the Tools menu in Internet Explorer. Windows automatic updating is also disabled; you will neither be notified about nor will you receive c
d, you must select one of the four options in the Group Policy Setting: 2 = Notify before downloading and installing any updates. When W
ice for updates that apply to the computers on your network. To use this setting, you must set two server name values: the server from wh
us is set to Disabled or Not Configured, Windows will check for available updates at the default interval of 22 hours. Note: The "Specify intr
ich logged-on user should receive update notifications. Non-administrative users will be able to install all optional, recommended, and imp
sabled, such updates will not be installed immediately. Note: If the "Configure Automatic Updates" policy is disabled, this policy has no eff
abled or not configured Automatic Updates will continue to deliver important updates if it is already configured to do so.
use in loosely managed environments in which you allow the end user access to the Microsoft Update service. If you enable this policy setti
es automatically. If the system is in hibernation when the scheduled install time occurs and there are updates to be applied, then Windows
eduled installation if a user is logged in to the computer. Instead, Automatic Updates will notify the user to restart the computer. Be aware
e restart will proceed even if the PC has signed-in users. If you disable or do not configure this policy, Windows Update will not alter its res
d, the default interval is 10 minutes. Note: This policy applies only when Automatic Updates is configured to perform scheduled installatio
15 minutes. Note: This policy applies only when Automatic Updates is configured to perform scheduled installations of updates. If the "Con
puter is next started. If the status is set to Disabled, a missed scheduled installation will occur with the next scheduled installation. If the s
to this computer. If the intranet Microsoft update service supports multiple target groups this policy can specify multiple group names sep
rosoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer. If
policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working. Note: This po
ing once the next Windows release is public. This option is useful when your device is set up to install preview and you want to gracefully o
s to Microsoft, and provide suggestions on new functionality. * Preview Build - Slow: Devices set to this level receive new builds of Window
rt date field. To resume receiving Quality Updates which are paused, clear the start date field. If you disable or do not configure this policy

user selected active hours will be in effect. If any of the following two policies are enabled, this policy has no effect: 1. No auto-restart wit
ally occur the specified number of days after the restart was scheduled. If you disable or do not configure this policy, the PC will restart acc

er action to dismiss the notification. If you disable or do not configure this policy, the default method will be used.

be unchanged.
r to a scheduled restart to display the warning reminder to the user. You can specify the amount of time prior to a scheduled restart to no
an snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. You can specify the deadline in day

pe remote shutdown interface. If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown
y setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.

s on that displays the date and time of the last successful logon by that user, the date and time of the last unsuccessful logon attempted w
ogon hours expire. If you disable or do not configure this setting, users receive warnings before the logon hours expire, if actions have bee
mitted logon hours. If you choose to log off a user, the user cannot log on again except during permitted logon hours. If you choose to log o
an simulate the SAS. If you set this policy setting to "Ease of Access applications," Ease of Access applications can simulate the SAS. If you s
If disabled or not configured, no popup will be displayed to the user.
If disabled or not configured, no popup will be displayed to the user.
our interface program to a network share or to your system drive. Then, enable this setting, and type the name of the interface program, in
figure automatic sign-in after a Windows Update restart. After the Windows Update restart, the user is automatically signed-in and the ses
ad and update of map data is determined by a registry setting that the user can change using Windows Settings.
age. If you disable or do not configure this policy setting, the Offline Maps setting page may generate network traffic.
, console applications or GUI applications without visible top-level windows that block or cancel shutdown will not be automatically termin
has an option to turn it always on or off except for manual launch, too.

hine: - Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this c
owed (but not necessarily preferred).
y default Push Button pairing is preferred (if allowed by other policies).
ots it knows about by crowdsourcing networks that other people using Windows have connected to. "Connect to networks shared by my c

puter; it also prevents them from manually specifying the local folder in which Work Folders stores files. Work Folders will use the settings
ain-joined PC. The "Work Folders URL" can specify either the URL used by the organization for Work Folders discovery, or the specific URL o

to Azure Active Directory Device Registration Overview. http://go.microsoft.com/fwlink/?LinkId=307136


administrator or user. No reboots or service restarts are required for this policy setting to take effect.
disable system features individually to stop their ability to raise toast notifications. If you disable or do not configure this policy setting, toa
administrator or user. No reboots or service restarts are required for this policy setting to take effect.
able to poll application services to update tiles. If you enable this policy setting, applications and system features will not be able receive n
sed and some background task deferred during the designated Quiet Hours time window. Users will not be able to change this or any othe
d, and users will not be able to change it or any other Quiet Hours setting. If you do not configure this policy setting, a default value will b
, and users will not be able to change it or any other Quiet Hours setting. If you do not configure this policy setting, a default value will be
and video calls will be allowed during Quiet Hours, and users will not be able to customize this or any other Quiet Hours settings. If you do
No reboots or service restarts are required for this policy setting to take effect.
Use of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restri
se of this connection is unlimited and not restricted by usage charges and capacity constraints. - Fixed: Use of this connection is not restri
cess control page. If this policy setting is disabled or is not configured, the link to the per-application cellular access control page is showed
setting overrides the default setting. If you choose the "User is in control" option, employees in your organization can decide whether Wi
configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation. Note: Wild card characters
Service responds to certificate errors. By default all HTTPS connections must supply a server certificate that passes all validation criteria. If
setting. You must enter a category that is already defined in Add or Remove Programs. To define a category, use Software Installation. If yo
d or remove program components. Note: If the "Hide Add New Programs page" setting is enabled, this setting is ignored. Also, if the "Preve
de Add New Programs page" setting is enabled, this setting is ignored.
s Windows Installer. Typically, system administrators publish programs to notify users that the programs are available, to recommend their
nd methods to install programs.
in Add or Remove Programs. If you disable this setting or do not configure it, Add or Remove Programs is available to all users. When enab
able this setting or do not configure it, the Set Program Access and Defaults button is available to all users. This setting does not prevent u
s from using other tools and methods to delete or uninstall programs.
are unconfigured system services. If you enable this setting, "Set up services" never appears. This setting does not prevent users from usin
s the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such
figure it, the Add/Remove Windows Components button is available to all users. This setting does not prevent users from using other tools
lable to users through the Settings app. This policy is only supported up to Windows 10, Version 1703. Please use 'Manage preview builds'
st be allowed to run. The MS-DOS subsystem starts when the first 16-bit application is launched. While the MS-DOS subsystem is running, a
e property page from the context-menus, but does not affect previous compatibility settings applied to application using this interface.
dless of how this policy is set. Disabling telemetry will take effect on any newly launched applications. To ensure that telemetry collection h
y of older applications. This option is useful for server administrators who require performance and are aware of compatibility of the applic
tion compatibility engine will boost system performance. However, this will degrade the compatibility of many popular legacy applications,

this policy setting, the PCA will be turned off. The user will not be presented with solutions to known compatibility issues when running ap
on to turn on and off data collection. If you enable this policy setting, Steps Recorder will be disabled. If you disable or do not configure th
the Program Compatibility Assistant is also disabled. If you disable or do not configure this policy setting, the Inventory Collector will be tu
irtualized environment. If you enable this setting, Application Guard is turned on for your organization.
om the host to Application Guard. NOTE We recommend that you don't enable copying from the host to Application Guard. If you enable
s PDF and save the resulting file on the host. - Enable printing to XPS, allows people to print as XPS and save the resulting file on the host.
of the Windows Defender Application Guard container, directly in Internet Explorer and Microsoft Edge..
device using the Reset-ApplicationGuard PowerShell command. Running this command deletes all employee data, regardless of configurati
sable or don't configure this setting, audit event logs aren't collected for Application Guard.
our organization can decide whether Windows apps can access account information by using Settings > Privacy on the device. If you choos
nization can decide whether Windows apps can access the calendar by using Settings > Privacy on the device. If you choose the "Force All
ization can decide whether Windows apps can access call history by using Settings > Privacy on the device. If you choose the "Force Allow"
nization can decide whether Windows apps can access the camera by using Settings > Privacy on the device. If you choose the "Force Allow
ation can decide whether Windows apps can access contacts by using Settings > Privacy on the device. If you choose the "Force Allow" opti
n can decide whether Windows apps can access email by using Settings > Privacy on the device. If you choose the "Force Allow" option, W
tion can decide whether Windows apps can access location by using Settings > Privacy on the device. If you choose the "Force Allow" optio
oyees in your organization can decide whether Windows apps can read or send messages by using Settings > Privacy on the device. If you
organization can decide whether Windows apps can access the microphone by using Settings > Privacy on the device. If you choose the "Fo
nization can decide whether Windows apps can access motion data by using Settings > Privacy on the device. If you choose the "Force Allo
anization can decide whether Windows apps can access notifications by using Settings > Privacy on the device. If you choose the "Force All
zation can decide whether Windows apps can make phone calls by using Settings > Privacy on the device. If you choose the "Force Allow"
r organization can decide whether Windows apps have access to control radios by using Settings > Privacy on the device. If you choose the
n, employees in your organization can decide whether Windows apps can communicate with unpaired wireless devices by using Settings >
n can decide whether Windows apps can access tasks by using Settings > Privacy on the device. If you choose the "Force Allow" option, Wi
rganization can decide whether Windows apps can access trusted devices by using Settings > Privacy on the device. If you choose the "For
rganization can decide whether Windows apps can run in the background by using Settings > Privacy on the device. If you choose the "For
e the "User is in control" option, employees in your organization can decide whether Windows apps can get diagnostic information about

will help reduce the server load. Repeat reporting for every (days): The periodical interval in days for sending the reporting data. Data C
Unit. To disable package refresh, select 0. Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). User
Unit. To disable package refresh, select 0. Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). User
Unit. To disable package refresh, select 0. Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). User
Unit. To disable package refresh, select 0. Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). User
Unit. To disable package refresh, select 0. Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31). User

developer-signed Windows Store apps.


d by an administrator Temporary user profiles, which are created when an error prevents the correct profile from loading User profiles for

usly enabled, any previously shared app data will remain in the SharedLocal folder.
default desktop app for a file type; they can open files only in other Windows Store apps. If you disable or do not configure this policy setti
default desktop app for a file type; they can open files only in other Windows Store apps. If you disable or do not configure this policy setti
e default desktop app for a URI scheme; they can open URIs only in other Windows Store apps. If you disable or do not configure this polic
e default desktop app for a URI scheme; they can open URIs only in other Windows Store apps. If you disable or do not configure this polic
ng, users will need to sign in with a Microsoft account.
ter can use. If you disable or don't set this policy setting, Windows Store apps will only use the static Content URI Rules.
cy setting, all Windows Store apps can be launched.
n the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened. If you disable t
andler. Using both the file handler and type data is the most restrictive option. Windows chooses the more restrictive recommendation w
achments with their zone information. If you disable this policy setting, Windows marks file attachments with their zone information. If yo
g, Windows hides the check box and Unblock button. If you disable this policy setting, Windows shows the check box and Unblock button.
cessing the file. Moderate Risk: If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone, Windo
n more than one inclusion list). If you enable this policy setting, you can create a custom list of high-risk file types. If you disable this policy
re than one inclusion list). If you enable this policy setting, you can specify file types that pose a low risk. If you disable this policy setting,
igh-risk inclusion list (where an extension is listed in more than one inclusion list). If you enable this policy setting, you can specify file type
d," on the workstations and servers on which this policy setting is applied. If you disable or do not configure this policy setting, the process
uted without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be
uted without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be

ws XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices. If you enable this pol
ws XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices. If you enable this pol

atically sent to Microsoft) - Disabled (data will be automatically sent to Microsoft) - Enabled (data will not be sent to Microsoft)

e this policy setting, the Windows Biometric Service is unavailable, and users cannot use any biometric feature in Windows. Note: Users w
Windows-based computer and can elevate permissions with UAC using biometrics. If you disable this policy setting, biometrics cannot be
ometrics. Note: Prior to Windows 10, not configuring this policy setting would have prevented domain users from using biometrics to log o
sable or do not configure this policy setting, a default value of 10 seconds is used for fast-user switch event timeouts.
Windows doesn't require enhanced anti-spoofing for Windows Hello face authentication. Note that enhanced anti-spoofing for Windows
action will reset this timeout. Consider increasing the timeout value if computers tend to stay offline for a long period of time and still hav
licy setting, you can set the maximum job download time to a specified number of seconds. If you disable or do not configure this policy s
the day's hours. If you enable this policy setting, BITS will limit its bandwidth usage to the specified values. You can specify the limit in kilob
you can set up a schedule for limiting network bandwidth during both work and nonwork hours. After the work schedule is defined, you c
. You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limit
files for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from
If you disable or do not configure this policy setting, files that have not been accessed for the past 90 days will be removed from the peer
centage of disk space to be used for the BITS peer cache. You can enter a value between 1 percent and 80 percent. If you disable or do no
nly from the origin server. However, the computer will still make files available to its peers. If you disable or do not configure this policy setti
ll still download files from peers. If you disable or do not configure this policy setting, the computer will offer downloaded and cached files
, and both are active, BITS will use a maximum of 30 percent of 56 Kbps. You can change the default behavior of BITS, and specify a fixed m
download policy explicitly configured by the application that created the BITS job, but does apply to jobs that are created by specifying on
not configure this policy setting, BITS will use the default BITS job limit of 300 jobs. Note: BITS jobs created by services and the local admin
configure this policy setting, BITS will use the default user BITS job limit of 300 jobs. Note: This limit must be lower than the setting specifie
ue of 200 for the maximum number of files a job can contain. Note: BITS Jobs created by services and the local administrator account do n
g, BITS will limit ranges to 500 ranges per file. Note: BITS Jobs created by services and the local administrator account do not count toward
nch Cache. Note: This policy setting does not affect the use of Windows Branch Cache by applications other than BITS. This policy setting d

em, Use the following command: CertUtil.exe -DisplayEccCurve


as setup an Enterprise spotlight content service in Azure, the lock screen will display internal messages and communications configured in t
s are allowed and may be controlled individually using their corresponding policy settings.
ted features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disab
nt. Note: This setting only applies to Enterprise and Education SKUs.
Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds\Allow Telemetry" policy setting with a
nt from third-party software publishers in addition to Microsoft apps and content.

he Windows Welcome Experience will be launched to help onboard users to Windows telling them about what's new, changed, and sugge
a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches m
a component registration is missing, the system searches for it in Active Directory and, if it is found, downloads it. The resulting searches m

ettings. If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen. To hide a
it to in the previous session.
rm Account picture Search results If users try to select a Control Panel item from the Properties item on a context menu, a message appe
e control.exe. This policy has no effect on items displayed in PC settings. To display a Control Panel item, enable this policy setting and click
gs being shown instead. This policy has two modes: it can either specify a list of settings pages to show or a list of pages to hide. To specify
nu & Taskbar) settings.

and windows. If this setting is disabled or not configured, the Color (or Window Color) page or Color Scheme dialog is available in the Perso

saver options. If you do not configure it, this setting has no effect on the system. If you enable it, a screen saver runs, provided the followi
nel, which prevents users from changing the screen saver. If you disable this setting or do not configure it, users can select any screen save
d" checkbox on the Screen Saver dialog in the Personalization or Display Control Panel, preventing users from changing the password prote
wing circumstances: - The setting is disabled or not configured. - The wait time is set to zero. - The "Enable Screen Saver" setting is disabl
ote: You must also enable the "Desktop Wallpaper" setting to prevent users from changing the desktop wallpaper. Refer to KB article: Q327

me using the "load a specific theme" setting, the theme defaults to whatever the user previously set or the system default.
setting, the default theme will be applied at the first logon.
Also, a user may not apply a different visual style when changing themes.
sable or do not configure this setting, the users can select the visual style that they want to use by changing themes (if the Personalization

lock screen using touch, the keyboard, or by dragging it with the mouse. Note: This setting only applies to Enterprise, Education, and Serv

o of 2:1 with white text.

supported version of Windows, then those colors take precedence over this policy. If the "Force a specific Start background" policy is also
, type the fully qualified path and name of the file that stores the default lock screen and logon image. You can type a local path, such as C
r Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. If you enable this policy setting, the default u
you enable this policy setting, the default logon domain is set to the specified domain, which might be different than the domain to which
of credentials (for example, to support biometric authentication). If you enable this policy, an administrator can specify the CLSIDs of the c
Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business.

at affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver
the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
on to Windows). The policy becomes effective the next time the user signs on to a computer running Windows. If you disable or do not c
o not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine. Note: The "Allow delegati
ng the application). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credenti
ot configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desk
the Windows credential manager). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation o
ger). If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted
ecify any server. Note: The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). T
s not specify any server. Note: The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SP
olicy setting does not specify any server. Note: The "Deny delegating saved credentials" policy setting can be set to one or more Service Pri
vice. Participating apps: Remote Desktop Client If you enable this policy setting, the following options are supported: Restrict credential
Restricted Administration and Remote Credential Guard mode are not supported. User will always need to pass their credentials to the hos
policy setting, users will always be required to type a user name and password to elevate.
he Secure Desktop by means of the trusted path mechanism. If you disable or do not configure this policy setting, users will enter Window
ntry text box. By default, the password reveal button is displayed after a user types a password in the password entry text box. To display th
ntry text box. By default, the password reveal button is displayed after a user types a password in the password entry text box. To display th
ord or their password is expiring.
e keyboard using Ctrl+Alt+Del. Tip:To lock a computer without configuring a setting, press Ctrl+Alt+Delete, and then click Lock this comput
able to access Task Manager. If users try to start Task Manager, a message appears explaining that a policy prevents the action. If you disab
do not configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del.
nly. Setting a value of 0 for other devices is equivalent to setting a value of 1. A value of 1 (Basic) sends the same data as a value of 0, plus a
nly. Setting a value of 0 for other devices is equivalent to setting a value of 1. A value of 1 (Basic) sends the same data as a value of 0, plus a
oft try features on this build” option in Settings.
ot configure this policy setting, Connected User Experience and Telemetry data will be sent to Microsoft using the default proxy configurati
. If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its
r Experience and Telemetry service from automatically using an authenticated proxy.
events that are required for Windows Analytics are sent to Microsoft. These events are documented here: https://go.microsoft.com/fwlink
OM will not look in the locally configured DCOM activation security check exemption list. If you do not configure this policy setting, DCOM
emptions" policy is enabled. DCOM server appids added to this policy must be listed in curly-brace format. For example: {b5dcb061-cefb-4
n this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2. 3=HTTP blended with

0 means "not-limited"; The cloud service set default value will be used.
g is ignored. If the "Turn on Classic Shell" setting ( in User Configuration\Administrative Templates\Windows Components\Windows Explo
ng is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explor
or edit Web content or disable, lock, or synchronize Active Desktop components.
, but the item is deleted each time the setting is refreshed. Note: Removing an item from the "Add" list for this setting is not the same as d

om deleting items from their Active Desktop.

EG and GIF, for their desktop wallpaper.


electing "Set as Wallpaper". Also, see the "Desktop Wallpaper" and the "Prevent changing wallpaper" (in User Configuration\Administrativ
path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\Server\Share\Corp.jpg. If the specified file is not available wh
u. To see the filter bar, open Network Locations, click Entire Network, and then click Directory. Right-click the name of a Windows domain,
ctory but not tempt them to casually browse Active Directory.
umber of objects returned" box to limit returns from an Active Directory search. If you disable this setting or do not configure it, the system

ts\Common Open File Dialog to remove the Desktop icon from the Places Bar. This will help prevent users from saving data to the Desktop.
ed, users can run the Desktop Cleanup Wizard, or have it run automatically every 60 days from Display, by clicking the Desktop tab and the
e shell namespace, allowing them to present their users with a simpler desktop environment. If you enable this setting, Computer is hidde
from the Start menu. To do so, use the "Remove My Documents icon from Start Menu" setting. Note: To make changes to this setting effec

or do not configure this policy setting, the Properties menu command is displayed.
in the shared folder.
nd then log back on.

the taskbar beside the Start button), and point to "Toolbars." Also, see the "Prohibit adjusting desktop toolbars" setting.

panion device to authenticate with Windows Hello.


Code Integrity This setting enables virtualization based protection of Kernel Mode Code Integrity. When this is enabled, kernel mode mem
r example, \\ServerName\ShareName\SIPolicy.p7b), or a locally valid path (for example, C:\FolderName\SIPolicy.p7b). The local machine a
Microsoft Windows Publisher certificate and drivers that are signed by other Authenticode certificates are prioritized equally during the dr

is policy setting, Windows does not create a system restore point when one would normally be created. If you disable or do not configure

rver, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server. If you disabl
ws is allowed to install or update device drivers whose device setup class GUIDs appear in the list you create, unless another policy setting
e list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices fr
d to install or update any device whose Plug and Play hardware ID or compatible ID appears in the list you create, unless another policy setti
able this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop clie
cy setting that allows Windows to install a device. If you enable this policy setting, Windows is prevented from installing removable device
setting. If you disable or do not configure this policy setting, Windows is allowed to install or update the device driver for any device that i
restriction right will not take effect until the system is restarted.
efault title in a notification when a policy setting prevents device installation.
cy setting prevents device installation.
rustedPublisher store. If you disable or do not configure this policy setting, only members of the Administrators group are allowed to instal
en you enable this setting, use the drop-down box to specify the desired response. -- "Ignore" directs the system to proceed with the insta

when a device driver that requests additional software is installed.


ociated check box beside the location name. If you disable or do not configure this setting, Windows searches the installation location, flop
t be prompted to search Windows Update. If you disable or do not configure this setting, and "Turn off Windows Update device driver sea
t be prompted to search Windows Update. If you disable or do not configure this setting, and "Turn off Windows Update device driver sea
t continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is tem
nly if no update is found will Windows then also search Windows Update. If you disable or do not configure this policy setting, members o
or do not configure this policy setting, the setting in the Device Installation Settings dialog box controls whether Windows retrieves device
this policy setting, the default value of 15 minutes applies. Note: The minimum value you can select is 15 minutes. If you try to set this setti

eboots or service restarts are required for this policy setting to take effect: changes take effect immediately. This policy setting only takes e
s policy setting, the DPS also warns users of S.M.A.R.T. faults and guides them through backup and recovery to minimize potential data loss
me. The required data is stored in the NV cache during shutdown and hibernate, respectively. This might cause a slight increase in the time
gure this policy setting, the default behavior is to allow the hybrid hard disks to be in power save mode. Note: This policy setting is applicab
ption of the system by keeping the disks spun down while satisfying reads and writes from the cache. If you enable this policy setting, the
or longer periods to save power. Note that this can cause increased wear of the NV cache. If you do not configure this policy setting, the de
t is turned off by default, but administrators can turn it on. To prevent users from changing the setting while a setting is in effect, the system
cannot make changes while the setting is in effect. If you do not configure this policy setting, the disk quota limit is not enforced by default
setting overrides new users’ settings for the disk quota limit and warning level on their volumes, and it disables the corresponding options
stem disables the "Log event when a user exceeds their quota limit" option on the Quota tab, so administrators cannot change the setting
tion on the Quota tab so that administrators cannot change logging while a policy setting is in effect. If you do not configure this policy setti

lication is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application ma
plication manifest. If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications. If G
ver. This policy should not be set unless the DLT server is running on all domain controllers in the domain.
ble this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied connection specific DNS s
ng, the list of DNS servers is applied to all network connections used by computers that receive this policy setting. If you disable this policy
mary DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel. You can use this pol
tion of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft
cy setting, click Enabled, and then select one of the following options from the drop-down list: Do not register: Computers will not attemp
c DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and
puters. During dynamic update of resource records in a zone that does not use Secure Dynamic Updates, an A resource record might exist
ecords are current and should not be automatically removed (scavenged) when a DNS server is configured to delete stale records. Warning
s that receive this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the TTL s
-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending th
policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting. If you
mputers send dynamic updates to any zone that is authoritative for the resource records that the computer needs to update, except the ro
used when a user or application submits a query for a single-label domain name. The DNS client appends DNS suffixes to the single-label,
volution settings. Devolution can be used when a user or application submits a query for a single-label domain name. The DNS client appe
es name resolution in scenarios in which conventional DNS name resolution is not possible. If you enable this policy setting, LLMNR will be
nating dot. For example, if attaching suffixes is allowed, an unqualified multi-label name query for "server.corp" will be queried by the DNS
olicy setting, the DNS client will not perform any optimizations. DNS queries will be issued across all networks first. LLMNR queries will be
ollowed by NetBT for all networks. If you disable this policy setting, or if you do not configure this policy setting, the DNS client will prefer l
"example" and not for multi-label and fully qualified domain names.
ocal protocols will be preferred over DNS responses if the local responses are from a network with a higher binding order. If you disable th
h no WINS servers configured.

Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. Changing this policy setting req
Windows+Tab keys, a visual version of the desktop is presented and items can be flipped through to select. Changing this policy setting req

tion with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by u
tion with the "Prevent color changes of window frames" setting, to enforce a specific color for window frames that cannot be changed by u
enforce a specific color for window frames that cannot be changed by users.
enforce a specific color for window frames that cannot be changed by users.
efore enabling this policy setting is still used for conversion. If you disable or do not configure this policy setting, Open Extended Dictionar
Microsoft IME, Simplified Chinese Microsoft Pinyin, and Traditional Chinese New Phonetic.
or Japanese Microsoft IME, [Clear auto-tuning information] works, even if this policy setting is enabled, and it clears self-tuned words from
ed IBM extended code 0x0008 // IBM extended code 0x0010 // Half width katakana code 0x0100 // EUDC(GAIJI) 0x0200 // S-JIS unmapp
ndard Glyph are included in the candidate list. This policy setting applies to Japanese Microsoft IME only. Note: Changes to this setting wil
y associated with this feature is turned off, and the user won't be able to turn it on. If you don't configure this policy setting, it will be turn
y associated with this feature is turned off, and the user won't be able to turn it on. If you don't configure this policy setting, it will be turn
the user won't be able to turn it on. If you don't configure this policy setting, it will be turned on by default, and the user can turn on and
mended that you do not allow known bad drivers to be initialized. - Bad, but required for boot: The driver has been identified as malware,

uently used apps will appear at the top.


policy setting, the recent apps will be available by default, and the user can configure this setting.
on't configure this policy setting, Search, Share, Start, Devices, and Settings will be available by default, and the user can configure this setti
werShell, but not from that menu. If you disable or don't configure this policy setting, Command Prompt will be listed in the menu by defau

When files are moved to other volumes, or if you create a new file in an encrypted folder, File Explorer encrypts those files automatically.
s policy setting, USB Enhanced Storage devices connected to both USB root hubs and non-root hubs will be allowed.

anced Storage devices are usable on your computer.

nt/Internet Communication settings. Important: If the Turn off Windows Error Reporting policy setting is not configured, then Control Pane
ccurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this
Panel. If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration
Panel. If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration

on/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.


on/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
able or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a repor
able or do not configure this policy setting, WER throttles data by default; that is, WER does not upload more than one CAB file for a repor
ithout notification to the user. If you disable this policy setting, then all memory dumps are uploaded according to the default consent and
ithout notification to the user. If you disable this policy setting, then all memory dumps are uploaded according to the default consent and
running on battery power, but checks for solutions and uploads report data normally. If you disable or do not configure this policy setting,
running on battery power, but checks for solutions and uploads report data normally. If you disable or do not configure this policy setting,
work cost policy again if the network profile is changed.
work cost policy again if the network profile is changed.
applications are reported, regardless of the setting in the Default pull-down menu. When the Report all errors in Windows check box is fill
d then add or remove applications from the list of application file names in the Show Contents dialog box (example: notepad.exe). File nam
e generated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to rep
Error Reporting settings in Control Panel are set to upload operating system errors. See also the Configure Error Reporting policy setting.
on is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatic
on is stored. The Maximum number of reports to store setting determines how many reports are stored before older reports are automatic
fy a port number on the destination server for transmission. If you disable or do not configure this policy setting, Windows Error Reporting
file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remov
file names in the Show Contents dialog box (example: notepad.exe). File names must always include the .exe file name extension. To remov
send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send
send it immediately. When Queuing behavior is set to Always queue, all reports are added to the queue until the user is prompted to send
an set a consent level of 0, 1, 2, 3, or 4. - 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type. - 1 (Always a
an set a consent level of 0, 1, 2, 3, or 4. - 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type. - 1 (Always a
types, and the default consent setting determines only the consent level of any other error reports.
types, and the default consent setting determines only the consent level of any other error reports.
he minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send an
he minimum data that is required to check for an existing solution is sent automatically, and Windows prompts users for consent to send an
of the collector>:5986/wsman/SubscriptionManager/WEC,Refresh=<Refresh interval in seconds>,IssuerCA=<Thumb print of the client auth
ed. This setting applies across all subscriptions for the forwarder (source computer).
setting is enabled, new events are discarded and old events are retained. If you do not configure this policy setting and the "Retain old eve
ools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change ac
and system services can write, read, or clear this log. If you do not configure this policy setting, the previous policy setting configuration re
p log automatically when full" policy setting.

d by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
setting is enabled, new events are discarded and old events are retained. If you do not configure this policy setting and the "Retain old eve
ed value can access the log. If you disable or do not configure this policy setting, only system software and administrators can read or clea
this log. If you do not configure this policy setting, the previous policy setting configuration remains in effect.
p log automatically when full" policy setting.

d by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
setting is enabled, new events are discarded and old events are retained. If you do not configure this policy setting and the "Retain old eve
ools and APIs may ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change ac
and system services can write, read, or clear this log. If you do not configure this policy setting, the previous policy setting configuration re
p log automatically when full" policy setting.

d by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
setting is enabled, new events are discarded and old events are retained. If you do not configure this policy setting and the "Retain old eve
policy setting, only system software and administrators can write or clear this log, and any authenticated user can read events from it. Note
do not configure this policy setting, the previous policy setting configuration remains in effect.
p log automatically when full" policy setting.

d by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
decrypt these encrypted messages, provided that you have access to the private key corresponding to the public key that they were encry

erShell cmdlet, or directly in the Windows Defender Security Center. - Generate an XML file with the settings from the device by running th
he 'ALT' key.
s or folders to the root of their Users Files folder in File Explorer. Note: Enabling this policy setting does not prevent the user from being ab

er had last logged on, unexpected behavior could occur.


dows To Go Startup Options Control Panel item. If you disable this setting, booting to Windows To Go when a USB device is connected will

gure this policy setting, users can control how often they receive feedback questions.

ecovery of corrupted files will automatically start with no UI. Windows will log an administrator event when a system restart is required. Th
he application. The EID must be an internet domain belonging to the enterprise in standard international domain name format. Example
ypted. Note: To make changes to this setting effective, you must restart Volume Shadow Copy (VSS) Service .
cal administrators may select the types of symbolic links to be evaluated.

on to be configurable on a per volume basis then an on-disk flag will determine whether or not short names are created on a given volume

stored locally on the user's device after each use of their active digitizer. When Find My Device is off, the device and its location are not reg
these subfolders when redirecting the Start Menu or legacy My Documents folder. If you disable or not configure this policy setting, Windo
tically made available offline. All subfolders within the redirected folders are also made available offline. Note: This policy setting does not
ble offline. Note: This policy setting does not prevent files from being automatically cached if the network share is configured for "Automati
these subfolders when redirecting the Start Menu or legacy My Documents folder. If you disable or not configure this policy setting, Windo
nstead of copying the content to the new location, the cached content is renamed in the local cache and not copied to the new location. To
nagement software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This p
nagement software or a script to add primary computer attributes to the user's account in Active Directory Domain Services (AD DS). This p
eview Pane since the two cannot be displayed at the same time. If you disable, or do not configure this policy setting, the Details Pane is hi

that are handled by the DPS. If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. This

users. The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not
users. The policy setting "Restrict user locales" can also be enabled to disallow selection of a custom locale, even if this policy setting is not
icolon (;). For example, en-US is English (United States). Specifying "en-US;en-CA" would restrict the system locale to English (United States
e sign-in page. If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account o
re the per-computer policy setting. The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is Engl
re the per-computer policy setting. The locale list is specified using language tags, separated by a semicolon (;). For example, en-US is Engl
policy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings. To set th
policy is ignored. If you do not configure this policy setting at the computer level, restrictions are based on per-user policy settings. To set th
s, however, they will be unable to customize those choices. The user cannot customize their user locale with user overrides. If this policy s
s, however, they will be unable to customize those choices. The user cannot customize their user locale with user overrides. If this policy s
l. If you enable this policy setting, the user cannot see the Administrative options. If you disable or do not configure this policy setting, the
t configure this policy setting, the user sees the option for changing the user location (GeoID). Note: Even if a user can see the GeoID optio
mmatically. If you disable or do not configure this policy setting, the user sees the option for changing the UI language. Note: Even if a user
o not configure this policy setting, the user sees the regional formats options for changing and customizing the user locale.
different than any of the system UI languages. If you disable or do not configure this policy setting, the user can specify which UI language
ble this policy setting, the language selection defaults to the language selected by the user. If you disable or do not configure this policy setti
uage selected by the local administrator. If you disable or do not configure this policy setting, there is no restriction of a specific language u
ts users from specifying a language different than the one used. To enable this policy setting in Windows Vista, use the "Restricts the UI la
icy is Disabled or Not Configured, then the user will be free to change the setting according to their preference. Note that the availability a
tion will be locked to not insert a space after selecting a text prediction. If the policy is Disabled or Not Configured, then the user will be fre
nfigured, then the user will be free to change the setting according to their preference. Note that the availability and function of this settin
n the user will be free to change the setting according to their preference. Note that the availability and function of this setting is depende
talled as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task.
he information will be uploaded to Microsoft to personalize speech. Automatic learning for speech may not be available for all languages,
ll numbers less than or equal to the specified value are interpreted as being preceded by 20. All numbers greater than the specified value a
URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known
URLs from the Internet Explorer browser history. The information that is stored includes word frequency and new words not already known
settings asynchronously, when logging on through Remote Desktop Services. If you disable or do not configure this policy setting, Window
sted fonts causes any usability or compatibility issues.
tting retains its existing value prior to GPO evaluation). The recognized bit locations are: PROCESS_CREATION_MITIGATION_POLICY_DEP_EN
tting retains its existing value prior to GPO evaluation). The recognized bit locations are: PROCESS_CREATION_MITIGATION_POLICY_DEP_EN
an online font provider and only enumerates locally-installed fonts. If you do not configure this policy setting, the default behavior depen
not participate in cross-device experiences. If you do not configure this policy setting, the default behavior depends on the Windows editio
or depends on the Windows edition. Changes to this policy take effect on reboot.
e is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in background
n the cache is read, Group Policy attempts to contact a logon domain controller to determine the link speed. When Group Policy runs in bac
me before running logon scripts. If you disable this policy setting, Group Policy will run scripts immediately after logon. If you do not con

the normal rules for evaluating if the Direct Access connection is a fast or slow network connection. If no bandwidth speed is detected, Gro
nchronous manner. Client computers will not wait for the network to be fully initialized at startup and logon. Existing users will be logged o
the system does not process and apply any Local GPOs. If you disable or do not configure this policy setting, Local GPOs continue to be app
e, configuring this policy setting overrides any system-computed wait times. If you enable this policy setting, Group Policy will use this adm
est. - Users do not receive their roaming profiles; they receive a local profile on the computer from the local forest. A warning message ap
tting overrides customized settings that the program implementing the software installation policy set when it was installed. If you enable
u can use the check boxes provided to change the options. If you disable or do not configure this policy setting, it has no effect on the syste
provided to change the options. If you disable or do not configure this policy setting, it has no effect on the system. The "Allow processing
d settings that the program implementing the folder redirection policy setting set when it was installed. If you enable this policy setting, yo
led. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this p
enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy settin
or do not configure this policy setting, it has no effect on the system. The "Do not apply during periodic background processing" option pr
ns. If you disable or do not configure this setting, it has no effect on the system. The "Allow processing across a slow network connection"
ge the options. If you disable or do not configure this policy setting, it has no effect on the system. The "Do not apply during periodic back
ck boxes provided to change the options. If you disable this setting or do not configure it, it has no effect on the system. The "Allow proces
provided to change the options. If you disable this setting or do not configure it, it has no effect on the system. The "Allow processing acro
ors. If you enable or disable this policy setting, by default administrators can view RSoP data. Note: To view RSoP data on a client computer
ors. If you enable or disable this policy setting, by default administrators can view RSoP data. Note: To view RSoP data on a client computer
nf directory and the source files stored in the GPO. If the local files are newer, they are copied into the GPO. Changing the status of this se
working. The frequency of updates is determined by the "Set Group Policy refresh interval for computers" and "Set Group Policy refresh in
tarts up. It also applies at a specified refresh interval or when manually invoked by the user. Note: This policy setting applies only to non-a
egistry entries in other subkeys. If you enable this policy setting, the "Show Policies Only" command is turned on, and administrators canno
Active Directory Snap-ins" indicates that the Group Policy Object Editor snap-in reads and writes changes to the domain controller that Acti
menting the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs'
menting the policy can specify the response to a slow link. Also, the policy processing settings in this folder lets you override the programs'
every 90 minutes, with a random offset of 0 to 30 minutes. If you enable this setting, you can specify an update rate from 0 to 64,800 minu
u select 0 minutes, the domain controller tries to update Group Policy every 7 seconds. However, because updates might interfere with use
andom offset of 0 to 30 minutes. If you enable this setting, you can specify an update rate from 0 to 64,800 minutes (45 days). If you selec
ng. If this setting is Disabled or Not Configured, the default display name of New Group Policy object is used.
object links for use on the system. If you disable this setting or do not configure it, new Group Policy object links are created in the enabled
ehavior: - If you originally created the GPO with, for example, an English system, the GPO contains English ADM files. - If you later edit th
. If you disable or do not configure this setting, RSoP logging is turned on. By default, RSoP logging is always on. Note: To view the RSoP in
ttings apply. If this setting is enabled, then, when a user logs on to this computer, the computer's Group Policy Objects determine which se
her case, configuring this policy setting overrides any system-computed wait times. If you enable this policy setting, Group Policy uses this
nd to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "A
o not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extensio
ng, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. T
do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this exten
even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processi
e this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned o
nd to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "A
ot configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension
kground processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Id
do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this exten
e Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across
cy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off. Notes:
ork connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By def
ble or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this
even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processin
this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off
ss even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow proces
e this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned off
d to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "All
re this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned o
be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background pr
sion for client computers. If you disable or do not configure this policy setting, by default event logging for this extension includes only war
connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default
u disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing f
processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." No
isable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for t
on, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, backgro
ble or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this
network connection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. B
e this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned o
nd processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle."
u disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing f
ess even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow proce
re this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned o
ection, to be applied during background processing, and to process even if the Group Policy objects (GPOs) are unchanged. By default, bac
disable or do not configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for
ss even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow proces
ure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turned
ocess even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow pro
nfigure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension is turn
nd to process even if the Group Policy objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "A
ot configure this policy setting, by default event logging for this extension includes only warnings and errors, and tracing for this extension
e of Application snap-ins. Enabling this policy setting does not override policy settings that restrict the use of preference extensions. If you
g. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use
able this policy setting, you permit use of the Control Panel Settings item and all preference extensions under Control Panel Settings for Com
ttings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy settin
Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If
If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use o
g. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use
disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the p
ou disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of th
ttings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setti
you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of th
tting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use
Panel Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" p
Settings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy s
tting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit
ttings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setti
Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If
tting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit us
you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of th
ettings (Users)" policy settings. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-ins" policy se
g overrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of
f you disable this policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of
verrides the "Restrict users to the explicitly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of th
his policy setting, you permit use of the Control Panel Settings item and all preference extensions under Control Panel Settings for User Con
Enabling this policy setting does not override policy settings that restrict the use of preference extensions. If you disable this policy setting

es in the specified folders and their subfolders. To restrict the commands to one or more folders, enable the policy setting and enter the d
ote: You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configurati
ote: You can also restrict users from running applications by using the Software Restriction Policy settings available in Computer Configurati
cutable is turned off. This will allow certain legacy ActiveX controls to function without DEP shutting down HTML Help Executable. If you d
this policy setting, the default behavior applies (Help viewer renders trusted assistance content with active elements).

n turn on the Help Experience Improvement program feature from the Help and Support settings page.
onnection to the Internet and have not disabled Windows Online from the Help and Support Options page.
If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol
section are set such that their respective features can access the Internet. If you do not configure this policy setting, all of the the policy s
section are set such that their respective features can access the Internet. If you do not configure this policy setting, all of the the policy s
s XP and other products of companies and organizations that it considers trusted authorities. If you enable this policy setting, when you ar
ents this client from printing to Internet printers over HTTP. If you disable or do not configure this policy setting, users can choose to print t
ents this client from printing to Internet printers over HTTP. If you disable or do not configure this policy setting, users can choose to print t
nt drivers cannot be downloaded over HTTP. If you disable or do not configure this policy setting, users can download print drivers over HT
nt drivers cannot be downloaded over HTTP. If you disable or do not configure this policy setting, users can download print drivers over HT
ws Update is optional when installing a device. Also see "Turn off Windows Update device driver search prompt" in "Administrative Templ
ds information about the event to Microsoft, and allows users to learn more about why that event occurred. If you enable this policy settin
If you disable or do not configure this policy setting, the Help and Support Center retrieves and displays "Did you know?" content. You mi
n from the Help and Support Center "Set search options" page, and only Help content on the local computer is searched. If you disable or d
gure this policy setting, users can connect to Microsoft to download a list of ISPs for their area.
ration. Note that registration is optional and involves submitting some personal information to Microsoft. However, Windows Product Acti
crosoft via the Internet or to a corporate file share. This policy setting overrides any user setting made from the Control Panel for error rep
ither be notified about nor will you receive critical updates from Windows Update. This policy setting also prevents Device Manager from a
not download content updates during searches. If you disable or do not configure this policy setting, Search Companion downloads conten
g for using the Web service to open an unhandled file association are removed. If you disable or do not configure this policy setting, the us
g for using the Web service to open an unhandled file association are removed. If you disable or do not configure this policy setting, the us
p in the Store" item in the Open With dialog is removed. If you disable or do not configure this policy setting, the user is allowed to use the
p in the Store" item in the Open With dialog is removed. If you disable or do not configure this policy setting, the user is allowed to use the
policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed. If
policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed. If

tasks in Windows folders. If you disable or do not configure this policy setting, the tasks are shown.
tasks in Windows folders. If you disable or do not configure this policy setting, the tasks are shown.
s Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown. If you d
s Messenger does not collect usage information, and the user settings to enable the collection of usage information are not shown. If you d
ete, no salesperson will call, and you can continue working without interruption. It is simple and user-friendly. If you enable this policy setti
le this policy setting, NCSI does not run either of the two active tests. This may reduce the ability of NCSI, and of other components that us
Group Policy setting. Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. If you disable or do not c
nistrator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, cl
do not configure it, this control will not be designated as administrator-approved. To specify how administrator-approved controls are han
ol will be available as an administrator approved control and can be run if the user specifies to run administrator-approved Active-X contro
ollowing steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Se
-approved. Select the check boxes for the controls that you want to designate as administrator-approved. To specify how administrator-ap
or-approved, click Enabled, and then select the check box for the control: -- MCSiMenu - enables Web authors to control the placement an
onfigure it, these controls will not be designated as administrator-approved. To specify how administrator-approved controls are handled
ot be designated as administrator-approved. To specify how administrator-approved controls are handled for each security zone, carry out
check boxes for the controls that you want to designate as administrator-approved. To specify how administrator-approved controls are ha
carry out the following steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. D
strator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, clic
out the following steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double
nto the background. If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the
nto the background. If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the
loads websites and content in the background. If you don't configure this policy setting, users can turn this behavior on or off, using Intern
loads websites and content in the background. If you don't configure this policy setting, users can turn this behavior on or off, using Intern
revoked. If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. If you do n
revoked. If you disable this policy setting, Internet Explorer will not check server certificates to see if they have been revoked. If you do n
soft ClearType rendering engine.
soft ClearType rendering engine.
Browsing is turned on. If you disable this policy setting, Caret Browsing is turned off. If you do not configure this policy setting, Caret Brow
Browsing is turned on. If you disable this policy setting, Caret Browsing is turned off. If you do not configure this policy setting, Caret Brow
Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode. If you disable this policy s
Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode. If you disable this policy s
when running in Enhanced Protected Mode on 64-bit versions of Windows. If you disable this policy setting, Internet Explorer 11 will use 32
when running in Enhanced Protected Mode on 64-bit versions of Windows. If you disable this policy setting, Internet Explorer 11 will use 32
and forces all websites to run in Enhanced Protected Mode. Enhanced Protected Mode provides additional protection against malicious w
and forces all websites to run in Enhanced Protected Mode. Enhanced Protected Mode provides additional protection against malicious w
tion List is enabled or inPrivate Browsing mode is used. For at least Internet Explorer 11: If you disable this policy setting, Internet Explorer
tion List is enabled or inPrivate Browsing mode is used. For at least Internet Explorer 11: If you disable this policy setting, Internet Explorer

1 through proxy connections.


1 through proxy connections.
n't configure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Internet Options settings. The defa
n't configure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Internet Options settings. The defa
policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Internet Options settings. The default is on.
policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Internet Options settings. The default is on.
will be used.
ion to use. The browser and server attempt to match each other’s list of supported protocols and versions, and they select the most prefer
ion to use. The browser and server attempt to match each other’s list of supported protocols and versions, and they select the most prefer
use Reset Internet Explorer Settings.
use Reset Internet Explorer Settings.
ading them to user computers. If you disable this policy setting, Internet Explorer will not check the digital signatures of executable progra
ading them to user computers. If you disable this policy setting, Internet Explorer will not check the digital signatures of executable progra
r. If you disable this policy setting, browser helper objects do not launch. If you do not configure this policy, Internet Explorer automatical
r. If you disable this policy setting, browser helper objects do not launch. If you do not configure this policy, Internet Explorer automatical
setting, Web components such as fonts will be automatically installed as necessary. If you disable this policy setting, users will be prompte
setting, Web components such as fonts will be automatically installed as necessary. If you disable this policy setting, users will be prompte
icy setting, users will be prompted when non-Internet Explorer components would be installed. If you do not configure this policy setting,
icy setting, users will be prompted when non-Internet Explorer components would be installed. If you do not configure this policy setting,
download new versions when they are available. If you disable this policy setting, Internet Explorer does not check the Internet for new ve
download new versions when they are available. If you disable this policy setting, Internet Explorer does not check the Internet for new ve
stall files with an invalid signature. If you do not configure this policy, users can choose to run or install files with an invalid signature.
stall files with an invalid signature. If you do not configure this policy, users can choose to run or install files with an invalid signature.
imated pictures, helping pages display more quickly. If you do not configure this policy setting, Internet Explorer will play animated picture
imated pictures, helping pages display more quickly. If you do not configure this policy setting, Internet Explorer will play animated picture
ontent, helping pages display more quickly. If you enable this policy setting, Internet Explorer will play sounds found in Web content.
ontent, helping pages display more quickly. If you enable this policy setting, Internet Explorer will play sounds found in Web content.
display more quickly. If you do not configure this policy setting, Internet Explorer will play videos found in Web content.
display more quickly. If you do not configure this policy setting, Internet Explorer will play videos found in Web content.
t time, users can also choose to allow this information to be shared with the Web site in the future without being prompted. If you do not
t time, users can also choose to allow this information to be shared with the Web site in the future without being prompted. If you do not
plorer will save encrypted pages containing secure (HTTPS) information to the cache. If you do not configure this policy, Internet Explorer
plorer will save encrypted pages containing secure (HTTPS) information to the cache. If you do not configure this policy, Internet Explorer
's Temporary Internet Files folder when all browser windows are closed. If you disable this policy setting, Internet Explorer will not delete t
's Temporary Internet Files folder when all browser windows are closed. If you disable this policy setting, Internet Explorer will not delete t
the Content tab of the Internet Options dialog box. Note: This policy is no longer supported starting with Windows 10 Version 1607.
the Content tab of the Internet Options dialog box. Note: This policy is no longer supported starting with Windows 10 Version 1607.
ff. The user cannot turn it on. If you do not configure this policy setting, the user can turn on or turn off inline AutoComplete. By default, in
e AutoComplete for File Explorer is turned on. The user cannot turn it off. If you do not configure this policy setting, a user will have the fr

t turn off script debugging. If you disable this policy setting, script debugging is turned off. The user cannot turn on script debugging. If yo
about how to correct the problem. The user cannot change this policy setting. If you disable this policy setting, when there is a problem co
gure this policy setting, the user can turn on or off page transitions. This feature only applies to versions of Internet Explorer up to and inclu
tting. If you disable this policy setting, the user is not shown script errors when a page does not appear properly because of problems with
oft Edge from Internet Explorer.
Edge from Internet Explorer can be configured by the user.
Edge from Internet Explorer can be configured by the user.

on't configure this policy setting, users can turn this behavior on or off, using Internet Explorer settings. The default is on.
on't configure this policy setting, users can turn this behavior on or off, using Internet Explorer settings. The default is on.
tent that is searched for new information and downloaded. Caution: Although the Maximum Number of Offline Pages option determines
ctive Desktop items from Microsoft's Active Desktop Gallery, to their desktop. If you disable this policy or do not configure it, users can ad
disable this policy or do not configure it, users can add new offline content schedules. This policy is intended for organizations that are con
roviders can record information about when their channel pages are viewed by users who are working offline.
ot configure it, users can view and subscribe to channels from the Channel bar interface.
ynchronize, select a Web page, click the Properties button, and then click the Schedule tab. If you disable this policy or do not configure it,
Web page, and then click the Properties button, no properties are displayed. Users do not receive an alert stating that the command is una
s intended to help administrators ensure that users' computers are being updated uniformly across their organization. Note: This policy do
e selected but dimmed. To display the Make This Page Available Offline check box, users click the Tools menu, click Synchronize, and then c
Synchronize, select a Web page, click the Properties button, and then click the Schedule tab. If you disable this policy, then Web pages can
ontent has been updated since the last time the user synchronized with or visited the page. If you disable this policy or do not configure it
If you disable or do not configure this policy setting, the user can specify the download path for the code.

policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes th
policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes th
ns tab from the interface: "Disable Internet Connection Wizard" "Disable changing connection settings" "Prevent changing proxy settings"
ns tab from the interface: "Disable Internet Connection Wizard" "Disable changing connection settings" "Prevent changing proxy settings"

ted in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General t
ted in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\), because this policy removes the General t

rams tab from the interface: "Disable changing Messaging settings" "Disable changing Calendar and Contact settings" "Disable the Reset
rams tab from the interface: "Disable changing Messaging settings" "Disable changing Calendar and Contact settings" "Disable the Reset
ecause this policy removes the Security tab from the interface: "Security zones: Do not allow users to change policies" "Security zones: Do
ecause this policy removes the Security tab from the interface: "Security zones: Do not allow users to change policies" "Security zones: Do
main names are converted to IDN format only for addresses that are not in the Intranet zone. 2) Unicode domain names are converted to ID
main names are converted to IDN format only for addresses that are not in the Intranet zone. 2) Unicode domain names are converted to ID
strings for URLs that are in the Intranet zone. 3) Always encode query strings. If you disable or don't configure this policy setting, users ca
strings for URLs that are in the Intranet zone. 3) Always encode query strings. If you disable or don't configure this policy setting, users ca
er. The user can change this behavior on the Internet Explorer Tools menu: Click Internet Options, click the Advanced tab, and then under
er. The user can change this behavior on the Internet Explorer Tools menu: Click Internet Options, click the Advanced tab, and then under

setting. If you disable this policy setting, Internet Explorer allows sending the path portion of URLs as UTF-8. The user cannot change this p

his policy setting, the user cannot specify the cipher strength update information URL. You must specify the cipher strength update informa
ection Wizard does not start automatically. The user can start the wizard manually. If you do not configure this policy setting, the user can
policy setting on or off regardless of the "Turn off blocking of outdated ActiveX controls for Internet Explorer" or "Turn off blocking of outd
policy setting on or off regardless of the "Turn off blocking of outdated ActiveX controls for Internet Explorer" or "Turn off blocking of outd
ate with newly outdated controls, potentially compromising the security of your computer. If you disable or don't configure this setting, IE
me" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the u
me" button on the warning message that appears when Internet Explorer blocks an outdated ActiveX control. Clicking this button lets the u
domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" 2. "hostname". For example, if you want to i
domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com" 2. "hostname". For example, if you want to i
utdated ActiveX Controls" in the Internet Explorer TechNet library.
utdated ActiveX Controls" in the Internet Explorer TechNet library.
which defines whether add-ons not listed here are assumed to be denied. If you enable this policy setting, you can enter a list of add-ons to
which defines whether add-ons not listed here are assumed to be denied. If you enable this policy setting, you can enter a list of add-ons to
r denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed wit
r denied through Group Policy. However, users can still use the Add-on Manager within Internet Explorer to manage add-ons not listed wit
agement user preferences and policy settings. If you disable or do not configure this policy setting, all processes will not respect add-on m
agement user preferences and policy settings. If you disable or do not configure this policy setting, all processes will not respect add-on m
ocess list. If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preference
ocess list. If you enable this policy setting and enter a Value of 1, the process entered will respect the add-on management user preference
tted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notati
tted in each zone for which Script and Binary Behaviors is set to 'admin-approved'. Behaviors must be entered in #package#behavior notati
ologies. If you disable or do not configure this policy setting, Internet Explorer 9 does not install binaries signed by MD2 and MD4 signing t
ologies. If you disable or do not configure this policy setting, Internet Explorer 9 does not install binaries signed by MD2 and MD4 signing t
ou disable or do not configure this policy setting, binary behaviors are allowed for all processes.
ou disable or do not configure this policy setting, binary behaviors are allowed for all processes.
tting, binary behaviors are allowed for the File Explorer and Internet Explorer processes. If you do not configure this policy setting, binary b
tting, binary behaviors are allowed for the File Explorer and Internet Explorer processes. If you do not configure this policy setting, binary b
e this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value
e this policy setting and enter a Value of 1 binary behaviors are prevented. If you enter a Value of 0 binary behaviors are allowed. The Value
ernet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Cons
ernet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Cons
ernet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Inter
ernet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. If you enable this policy setting, Inter
ernet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. This policy setting allows administrat
ernet Explorer renames the file by saving it in the Internet Explorer cache and changing its extension. This policy setting allows administrat
g, the Notification bar will be displayed for all processes. If you disable or do not configure this policy setting, the Notification bar will not b
g, the Notification bar will be displayed for all processes. If you disable or do not configure this policy setting, the Notification bar will not b
ternet Explorer processes. If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
ternet Explorer processes. If you do not configure this policy setting, the Notification bar will be displayed for Internet Explorer Processes.
ation bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Valu
ation bar is displayed. If you enter a Value of 0 the Notification bar is not displayed. The Value Name is the name of the executable. If a Valu
zone is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local Machine zone security applies to
zone is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local Machine zone security applies to
ttacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local M
ttacks where the Local Machine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting, the Local M
achine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting and enter a value of 1, Local Machine
achine zone is used as an attack vector to load malicious HTML code. If you enable this policy setting and enter a value of 1, Local Machine

do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
do not configure this policy setting, MIME sniffing will never promote a file of one type to a more dangerous file type.
moted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the
moted to more dangerous file types. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the

MK protocol will work for the File Explorer and Internet Explorer processes. If you do not configure this policy setting, the MK Protocol is pre
MK protocol will work for the File Explorer and Internet Explorer processes. If you do not configure this policy setting, the MK Protocol is pre
of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet E
of the MK protocol is allowed. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet E
orer. If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than Fil
orer. If you disable this policy setting, restricting content obtained through restricted protocols is prevented for all processes other than Fil
processes. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http
processes. For example, you can restrict active content from pages served over the http and https protocols by adding the value names http
or allowed. If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If y
or allowed. If you enable this policy setting and enter a Value of 1, restricting content obtained through restricted protocols is allowed. If y
ricted Zone sites.
ricted Zone sites.
et Explorer processes. If you do not configure this policy setting, an object reference is no longer accessible when navigating within or acro
et Explorer processes. If you do not configure this policy setting, an object reference is no longer accessible when navigating within or acro
references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the V
references to objects are still accessible after navigation. The Value Name is the name of the executable. If a Value Name is empty or the V
ng, any zone can be protected from zone elevation for all processes. If you disable or do not configure this policy setting, processes other t
ng, any zone can be protected from zone elevation for all processes. If you disable or do not configure this policy setting, processes other t
n if there is no security context. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer proces
n if there is no security context. If you enable this policy setting, any zone can be protected from zone elevation by Internet Explorer proces
igation if there is no security context. This policy setting allows administrators to define applications for which they want this security featu
igation if there is no security context. This policy setting allows administrators to define applications for which they want this security featu
ation for all processes.
ation for all processes.
preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
preference will be used to determine whether to block ActiveX control installations for Internet Explorer processes.
ty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet E
ty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet E
s that are not user initiated for all processes.
s that are not user initiated for all processes.
ce determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
ce determines whether to prompt for file downloads that are not user initiated for Internet Explorer processes.
lue Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the
lue Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the
s. If you disable or do not configure this policy setting, scripted windows are not restricted.
s. If you disable or do not configure this policy setting, scripted windows are not restricted.
File Explorer and Internet Explorer processes. If you disable this policy setting, scripts can continue to create popup windows and window
File Explorer and Internet Explorer processes. If you disable this policy setting, scripts can continue to create popup windows and window
ant this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, such windows may not be open
ant this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, such windows may not be open
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
tting for a zone, this sets the list of protocols to be restricted if that zone is set to Prompt or Disable for "Allow active content over restricted
etection feature for add-on management will be functional.
etection feature for add-on management will be functional.
you disable this policy setting, users won't receive enhanced suggestions while typing in the Address bar. In addition, users won't be able
you disable this policy setting, users won't receive enhanced suggestions while typing in the Address bar. In addition, users won't be able

y keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can
y keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can
nu bar is turned off by default. The user can turn on or turn off the menu bar.
nu bar is turned off by default. The user can turn on or turn off the menu bar.

n signing up for Internet services. This policy is intended for administrators who want to maintain a consistent browser across an organizati
Disable the Advanced page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Inte
for example, "MSIE 7.0").
for example, "MSIE 7.0").
matic Detection, unless specified by the user.
ould be disabled.
ould be disabled.
orms only local analysis, and the user is prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website add
orms only local analysis, and the user is prompted to permit any data to be sent to Microsoft. If the feature is fully enabled, all website add
that are not on the filter's allow list are sent automatically to Microsoft without prompting the user. If you disable or do not configure this
that are not on the filter's allow list are sent automatically to Microsoft without prompting the user. If you disable or do not configure this
crosoft without prompting the user. If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on
crosoft without prompting the user. If you disable or do not configure this policy setting, the user is prompted to decide whether to turn on
gure this policy setting, the user can bypass SmartScreen Filter warnings.
gure this policy setting, the user can bypass SmartScreen Filter warnings.

de options for printing, customizing Internet Explorer, copying and pasting text, managing favorites, and accessing Help. If you enable this p
. If you disable or do not configure this policy setting, the user can manage pop-ups by changing the filter level. You may also want to enab
. If you disable or do not configure this policy setting, the user can manage pop-ups by changing the filter level. You may also want to enab

xplorer features. The user cannot turn on logging. If you do not configure this policy setting, the user can change the logging settings.
xplorer features. The user cannot turn on logging. If you do not configure this policy setting, the user can change the logging settings.
ps. The menu bar contains menus that open lists of commands for printing, customizing Internet Explorer, copying and pasting text, manag
ps. The menu bar contains menus that open lists of commands for printing, customizing Internet Explorer, copying and pasting text, manag
e allows the user to export favorites, feeds and cookies to a file. If you enable this policy setting, the user will not be able to use the Import
e allows the user to export favorites, feeds and cookies to a file. If you enable this policy setting, the user will not be able to use the Import
n the Privacy tab.
n the Privacy tab.
ash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all ad
ash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all ad

Identity option will be removed from the File menu in Address Book. If you disable this policy or do not configure it, users can set up and
r Objects, or Explorer bars. ActiveX controls are referred to as plug-ins and are not part of this definition. If you enable this policy setting, n
r Objects, or Explorer bars. ActiveX controls are referred to as plug-ins and are not part of this definition. If you enable this policy setting, n
allows the user to disable add-ons and configure the threshold. If you enable this policy setting, users are not notified when the average ti
allows the user to disable add-ons and configure the threshold. If you enable this policy setting, users are not notified when the average ti
nfigure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
nfigure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
ystem. If you enable the Media Explorer Bar or do not configure it, users can show and hide the Media Explorer Bar. Administrators also ha
ory button on the Settings charm. If you disable or do not configure this policy setting, the user can access the Delete Browsing History dia
ory button on the Settings charm. If you disable or do not configure this policy setting, the user can access the Delete Browsing History dia
she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
icks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
icks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
his policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete. If the "Prevent access t
his policy setting, the user can choose whether to delete or preserve visited websites when he or she clicks Delete. If the "Prevent access t
r preserve download history when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this
r preserve download history when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this
er to delete or preserve temporary Internet files when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setti
er to delete or preserve temporary Internet files when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setti
ved when the user clicks Delete. If you disable this policy setting, InPrivate Filtering data is deleted when the user clicks Delete. If you do n
ved when the user clicks Delete. If you disable this policy setting, InPrivate Filtering data is deleted when the user clicks Delete. If you do n
ser is browsing. With at least Internet Explorer 11: This policy setting prevents users from deleting ActiveX Filtering data, Tracking Protectio
ser is browsing. With at least Internet Explorer 11: This policy setting prevents users from deleting ActiveX Filtering data, Tracking Protectio
e favorites site data when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy se
e favorites site data when he or she clicks Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy se
g, deleting browsing history on exit is turned off. If you do not configure this policy setting, it can be configured on the General tab in Inter
g, deleting browsing history on exit is turned off. If you do not configure this policy setting, it can be configured on the General tab in Inter
g with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which opti
g with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which opti
figure this policy setting, the Internet Explorer Help menu is available to the user. The user can also use the Command bar and F1 to access
figure this policy setting, the Internet Explorer Help menu is available to the user. The user can also use the Command bar and F1 to access
enable this policy setting, Internet Explorer does not enumerate search providers for the Accelerators infrastructure. If Accelerators are turn
enable this policy setting, Internet Explorer does not enumerate search providers for the Accelerators infrastructure. If Accelerators are turn

the administrator control which components the user installs.


ve ample physical memory. The default setting creates the optimal number of tab processes based on the operating system and amount of
ve ample physical memory. The default setting creates the optimal number of tab processes based on the operating system and amount of
not display UI during shutdown (default behavior in Internet Explorer 9).
not display UI during shutdown (default behavior in Internet Explorer 9).

related entry points appear on the user interface for Internet Explorer, and the user cannot turn them off. If you do not configure this polic
related entry points appear on the user interface for Internet Explorer, and the user cannot turn them off. If you do not configure this polic
abs. If you disable or do not configure this policy setting, Internet Explorer uses the user's setting for pop-up windows in tabbed browsing.
abs. If you disable or do not configure this policy setting, Internet Explorer uses the user's setting for pop-up windows in tabbed browsing.
ble. This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified
b is created in this scenario. • Open a new Internet Explorer window. If you disable or do not configure this policy setting, the user can co
b is created in this scenario. • Open a new Internet Explorer window. If you disable or do not configure this policy setting, the user can co
specify to enable or disable the blocking of attachments in options.
dcards are allowed, so *.contoso.com is also valid. If you disable this or do not configure this policy setting, you will not be able to provide
dcards are allowed, so *.contoso.com is also valid. If you disable this or do not configure this policy setting, you will not be able to provide
strative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disab
using Internet Explorer Maintenance under Admin Templates using group policy editor. If you disable or do no configure this policy settin
using Internet Explorer Maintenance under Admin Templates using group policy editor. If you disable or do no configure this policy settin
ot configure it, users can change their cache settings. If you set the "Disable the General page" policy (located in \User Configuration\Adm
schedules and contacts, if programs that perform these tasks are installed. This "Disable the Programs Page" policy (located in \User Config
es that have already been accepted. The "Disable the Content page" policy (located in \User Configuration\Administrative Templates\Wind
owser. When Internet Explorer performs this check, it prompts the user to specify which browser to use as the default. This policy is intend
o not configure this policy setting, users can choose whether to be notified that Internet Explorer is not the default web browser through t
color of Web pages. If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows C
net Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Connections page" policy removes the Co
net Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Connections page" policy removes the Co
ernet Connection Wizard. If you disable this policy or do not configure it, users can change their connection settings by running the Interne
e" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you d
orms. To display this option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.
cannot change "User name and passwords on forms" or "prompt me to save passwords". The Auto Complete feature for User names and
of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users
of the pages in the History List. You must specify the number of days that Internet Explorer tracks views of pages in the History List. Users
e other home page policies. If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their
ot configure this policy setting, the user can add secondary home pages. Note: If the “Disable Changing Home Page Settings” policy is ena
ot configure this policy setting, the user can add secondary home pages. Note: If the “Disable Changing Home Page Settings” policy is ena
Web sites for languages in which the character set has been installed. If you set the "Disable the General page" policy (located in \User Con
If you set the "Disable the General page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet
wing newsgroups, and placing Internet calls, if programs that perform these tasks are installed. The "Disable the Programs page" policy (loc
e Internet Explorer process's Pop-Up Blocker settings by enabling the "Specify pop-up allow list" policy setting.
e Internet Explorer process's Pop-Up Blocker settings by enabling the "Specify pop-up allow list" policy setting.
gh windows launched off screen will continue to be re-positioned onscreen. If you disable or do not configure this policy setting, the popu
gh windows launched off screen will continue to be re-positioned onscreen. If you disable or do not configure this policy setting, the popu
\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet

e Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Ratings tab from Internet Explorer in Con
ates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control P
ry Internet files and cookies.
ry Internet files and cookies.
e the auto-complete for web-address setting. If you do not configure this policy setting, a user will have the freedom to choose to turn the
e the auto-complete for web-address setting. If you do not configure this policy setting, a user will have the freedom to choose to turn the
AutoComplete for providing relevant results in the Address bar. The user cannot change this setting. If you disable this policy setting, Inter
AutoComplete for providing relevant results in the Address bar. The user cannot change this setting. If you disable this policy setting, Inter
etting, URL Suggestions will be turned on. Users will not be able to turn off URL Suggestions. If you do not configure this policy setting, URL
etting, URL Suggestions will be turned on. Users will not be able to turn off URL Suggestions. If you do not configure this policy setting, URL
sers can press F3 to search the Internet (from Internet Explorer) or the hard disk (from File Explorer). This policy is intended for situations
cy is designed to help administrators maintain consistent settings for searching across an organization.
ecurity zone settings apply uniformly to the same computer and do not vary from user to user. Also, see the "Security zones: Do not allow
one settings established by the administrator. Note: The "Disable the Security page" policy (located in \User Configuration\Administrative T
e it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zo
you disable this policy or do not configure it, users will be notified before their programs are updated. This policy is intended for administr
If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers in
If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers in
e Help menu. If you do not configure this policy setting, the user can choose to participate in the CEIP.
e Help menu. If you do not configure this policy setting, the user can choose to participate in the CEIP.
+Shift+Select. If you disable or do not configure this policy setting, the user can configure how new tabs are created by default.
+Shift+Select. If you disable or do not configure this policy setting, the user can configure how new tabs are created by default.
ry from user to user.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, script code on pages in the zone can run automatically.
not configure this policy setting, script code on pages in the zone can run automatically.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.
es not see the per-site ActiveX prompt, and ActiveX controls can run from all sites in this zone.

wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script can perform a clipboard operation.
on. If you do not configure this policy setting, a script can perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
pop-up windows are prevented from appearing.
pop-up windows are prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to dow
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to dow
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
gure this policy setting, files can be downloaded from the zone.
gure this policy setting, files can be downloaded from the zone.
onfigure this policy setting, HTML fonts can be downloaded automatically.
onfigure this policy setting, HTML fonts can be downloaded automatically.
talling desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop item
talling desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop item
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
n for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over qu
n for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over qu
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
unning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
unning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts can access applets automatically without user intervention.
gure this policy setting, scripts can access applets automatically without user intervention.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
script injections.
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
rompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setti
rompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setti
do not configure or disable this policy setting, VBScript is prevented from running.
do not configure or disable this policy setting, VBScript is prevented from running.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script can perform a clipboard operation.
on. If you do not configure this policy setting, a script can perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
pop-up windows are prevented from appearing.
pop-up windows are prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to dow
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to dow
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
gure this policy setting, files can be downloaded from the zone.
gure this policy setting, files can be downloaded from the zone.
onfigure this policy setting, HTML fonts can be downloaded automatically.
onfigure this policy setting, HTML fonts can be downloaded automatically.
talling desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop item
talling desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop item
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts can access applets automatically without user intervention.
gure this policy setting, scripts can access applets automatically without user intervention.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
do not configure or disable this policy setting, VBScript is prevented from running.
do not configure or disable this policy setting, VBScript is prevented from running.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, script code on pages in the zone can run automatically.
not configure this policy setting, script code on pages in the zone can run automatically.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script can perform a clipboard operation.
on. If you do not configure this policy setting, a script can perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
are not prevented from appearing.
are not prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to dow
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to dow
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
g on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
gure this policy setting, files can be downloaded from the zone.
gure this policy setting, files can be downloaded from the zone.
onfigure this policy setting, HTML fonts can be downloaded automatically.
onfigure this policy setting, HTML fonts can be downloaded automatically.
talling desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop item
talling desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop item
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
n for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over qu
n for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over qu
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have ins
mpt. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have ins

unning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
unning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your an
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your an
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts can access applets automatically without user intervention.
gure this policy setting, scripts can access applets automatically without user intervention.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
rompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setti
rompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setti
do not configure or disable this policy setting, VBScript will run without user intervention.
do not configure or disable this policy setting, VBScript will run without user intervention.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script can perform a clipboard operation.
on. If you do not configure this policy setting, a script can perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
are not prevented from appearing.
are not prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to dow
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users are queried whether to dow
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
g on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
gure this policy setting, files can be downloaded from the zone.
gure this policy setting, files can be downloaded from the zone.
onfigure this policy setting, HTML fonts can be downloaded automatically.
onfigure this policy setting, HTML fonts can be downloaded automatically.
talling desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop item
talling desktop items from this zone. If you do not configure this policy setting, users are queried to choose whether to install desktop item
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts can access applets automatically without user intervention.
gure this policy setting, scripts can access applets automatically without user intervention.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.
do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, script code on pages in the zone can run automatically.
not configure this policy setting, script code on pages in the zone can run automatically.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script can perform a clipboard operation.
on. If you do not configure this policy setting, a script can perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
are not prevented from appearing.
are not prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed contro
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed contro
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users can run unsigned controls
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users can run unsigned controls
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
gure this policy setting, files can be downloaded from the zone.
gure this policy setting, files can be downloaded from the zone.
onfigure this policy setting, HTML fonts can be downloaded automatically.
onfigure this policy setting, HTML fonts can be downloaded automatically.
talling desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically
talling desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
n for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over qu
n for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over qu
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have ins
mpt. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have ins
unning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
unning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your an
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your an
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts can access applets automatically without user intervention.
gure this policy setting, scripts can access applets automatically without user intervention.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
do not configure or disable this policy setting, VBScript will run without user intervention.
do not configure or disable this policy setting, VBScript will run without user intervention.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script can perform a clipboard operation.
on. If you do not configure this policy setting, a script can perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
are not prevented from appearing.
are not prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed contro
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed contro
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
gure this policy setting, files can be downloaded from the zone.
gure this policy setting, files can be downloaded from the zone.
onfigure this policy setting, HTML fonts can be downloaded automatically.
onfigure this policy setting, HTML fonts can be downloaded automatically.
talling desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically
talling desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your an
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your an
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts can access applets automatically without user intervention.
gure this policy setting, scripts can access applets automatically without user intervention.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.
do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, script code on pages in the zone is prevented from running.
not configure this policy setting, script code on pages in the zone is prevented from running.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script cannot perform a clipboard operation.
on. If you do not configure this policy setting, a script cannot perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
pop-up windows are prevented from appearing.
pop-up windows are prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloa
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloa
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
gure this policy setting, files are prevented from being downloaded from the zone.
gure this policy setting, files are prevented from being downloaded from the zone.
onfigure this policy setting, users are queried whether to allow HTML fonts to download.
onfigure this policy setting, users are queried whether to allow HTML fonts to download.
talling desktop items from this zone. If you do not configure this policy setting, users are prevented from installing desktop items from this
talling desktop items from this zone. If you do not configure this policy setting, users are prevented from installing desktop items from this
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
rom other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access applicati
rom other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access applicati
affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow c
affected, even for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow c
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
f you do not configure this policy setting, script interaction is prevented from occurring.
f you do not configure this policy setting, script interaction is prevented from occurring.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts are prevented from accessing applets.
gure this policy setting, scripts are prevented from accessing applets.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
do not configure or disable this policy setting, VBScript is prevented from running.
do not configure or disable this policy setting, VBScript is prevented from running.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, script code on pages in the zone is prevented from running.
not configure this policy setting, script code on pages in the zone is prevented from running.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script cannot perform a clipboard operation.
on. If you do not configure this policy setting, a script cannot perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
pop-up windows are prevented from appearing.
pop-up windows are prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloa
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, signed controls cannot be downloa
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users are queried to choose whether to drag
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are not rendered by default in this zone.
gure this policy setting, files are prevented from being downloaded from the zone.
gure this policy setting, files are prevented from being downloaded from the zone.
onfigure this policy setting, users are queried whether to allow HTML fonts to download.
onfigure this policy setting, users are queried whether to allow HTML fonts to download.
talling desktop items from this zone. If you do not configure this policy setting, users are prevented from installing desktop items from this
talling desktop items from this zone. If you do not configure this policy setting, users are prevented from installing desktop items from this
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
rom other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access applicati
rom other domains. If you disable this policy setting, users cannot open other windows and frames from other domains or access applicati
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
f you do not configure this policy setting, script interaction is prevented from occurring.
f you do not configure this policy setting, script interaction is prevented from occurring.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts are prevented from accessing applets.
gure this policy setting, scripts are prevented from accessing applets.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
do not configure or disable this policy setting, VBScript is prevented from running.
do not configure or disable this policy setting, VBScript is prevented from running.
one (so would typically be in the Internet Zone). If you do not configure this policy setting, users choose whether to force local sites into th
one (so would typically be in the Internet Zone). If you do not configure this policy setting, users choose whether to force local sites into th
o not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced
o not configure this policy setting, the user can choose whether the certificate address mismatch warning appears (by using the Advanced
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
f you do not configure this template policy setting, no security level is configured. Note. Local Machine Zone Lockdown Security and Netw
icy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.
icy setting, users choose whether sites which bypass the proxy server are mapped into the Intranet Zone.
are mapped into the Intranet Zone.
are mapped into the Intranet Zone.
cted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sit
cted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sit
however they are configured. If this policy setting is not configured, the user can choose whether or not to automatically detect the intran
however they are configured. If this policy setting is not configured, the user can choose whether or not to automatically detect the intran
is policy setting, a Notification bar notification does not appear when the user loads content from an intranet site that is being treated as th
is policy setting, a Notification bar notification does not appear when the user loads content from an intranet site that is being treated as th
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, script code on pages in the zone can run automatically.
not configure this policy setting, script code on pages in the zone can run automatically.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script can perform a clipboard operation.
on. If you do not configure this policy setting, a script can perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
are not prevented from appearing.
are not prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed contro
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed contro
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users are queried to choose whe
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users are queried to choose whe
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
g on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
gure this policy setting, files can be downloaded from the zone.
gure this policy setting, files can be downloaded from the zone.
onfigure this policy setting, HTML fonts can be downloaded automatically.
onfigure this policy setting, HTML fonts can be downloaded automatically.
talling desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically
talling desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
n for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over qu
n for protocols on the restricted list. If you select Prompt from the drop-down box, the Notification bar will appear to allow control over qu
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have ins
mpt. If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have ins

unning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
unning. If you do not configure this policy setting, controls and plug-ins can run without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your an
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer won't check with your an
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts can access applets automatically without user intervention.
gure this policy setting, scripts can access applets automatically without user intervention.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
rompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setti
rompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy setti
do not configure or disable this policy setting, VBScript will run without user intervention.
do not configure or disable this policy setting, VBScript will run without user intervention.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
setting, the user can choose whether websites can open new Internet Explorer Windows that have no status bar or Address bar.
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y
dio and video files. If you enable this policy setting, video and animation can be played through older media players in specified zones. If y

icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
icy setting, the first-run prompt is turned on in the corresponding zone. If you do not configure this policy setting, the first-run prompt is tu
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
e via an HTML form. If you disable this policy setting, path information is removed when the user is uploading a file via an HTML form. If y
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone
in this zone for malicious content. Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone

nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
nnot turn on Protected Mode. If you do not configure this policy setting, the user can turn on or turn off Protected Mode.
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
appears before the files open. If you disable this policy setting, these files do not open. If you do not configure this policy setting, the user
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
rnet Explorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XBAPs. If yo
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
cess to the WebBrowser control is allowed only in the Local Machine and Intranet zones.
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
y setting, .NET Framework Setup is turned off. The user cannot change this behavior. If you disable this policy setting, .NET Framework Setu
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
xplorer. The user cannot change this behavior. If you set the drop-down box to Prompt, the user is prompted for loading XAML files. If you
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
er is prompted for loading XPS files. If you disable this policy setting, XPS files are not loaded inside Internet Explorer. The user cannot cha
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone. If you disable this policy setting, us
not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
not configure this policy setting, users are queried to choose whether to allow script code on pages in the Local Machine zone to run.
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
wser that loads a page containing an active Meta Refresh setting cannot be redirected to another Web page. If you do not configure this p
on. If you do not configure this policy setting, a script can perform a clipboard operation.
on. If you do not configure this policy setting, a script can perform a clipboard operation.
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
n policy are available. If you disable this policy setting, binary and script behaviors are not available unless applications have implemented
are not prevented from appearing.
are not prevented from appearing.
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
nt to display the nonsecure items?) and nonsecure content can be displayed. If the drop-down box is set to Prompt, the user will receive th
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed contro
ble the policy setting, signed controls cannot be downloaded. If you do not configure this policy setting, users can download signed contro
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
u disable this policy setting, users cannot run unsigned controls. If you do not configure this policy setting, users cannot run unsigned contr
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
ng files or copying and pasting files from this zone. If you do not configure this policy setting, users can drag files or copy and paste files fro
g on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
g on the Security tab of the Internet Options dialog box. Filters are rendered by default in this zone.
gure this policy setting, files can be downloaded from the zone.
gure this policy setting, files can be downloaded from the zone.
onfigure this policy setting, HTML fonts can be downloaded automatically.
onfigure this policy setting, HTML fonts can be downloaded automatically.
talling desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically
talling desktop items from this zone. If you do not configure this policy setting, users can install desktop items from this zone automatically
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tch space (a safe and secure storage area on the client computer) and user-controlled file I/O. High Safety enables applets to run in their sa
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
tions and download files from IFRAMEs on the pages in this zone. If you disable this policy setting, users are prevented from running applic
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
used silently for the remainder of the session. Automatic logon only in Intranet zone to query users for user IDs and passwords in other zon
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
his policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dicta
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
isable, users cannot drag content from one domain to a different domain when the source and destination are in the same window. Users
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
Disable, users cannot drag content from one domain to a different domain when both the source and destination are in different windows.
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
you disable this policy setting, users cannot open windows and frames to access applications from different domains. If you do not config
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
nt Authentication" message when they connect to a Web site that has no certificate or only one certificate. If you do not configure this pol
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
mpt. If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on th
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download promp
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
unning. If you do not configure this policy setting, controls and plug-ins are prevented from running.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
f you do not configure this policy setting, script interaction can occur automatically without user intervention.
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
if it's safe to create an instance of the ActiveX control. If you don't configure this policy setting, Internet Explorer always checks with your
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
veX controls marked safe for scripting option. If you enable this policy setting and select Prompt in the drop-down box, users are queried w
gure this policy setting, scripts can access applets automatically without user intervention.
gure this policy setting, scripts can access applets automatically without user intervention.
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
wn box, Internet Explorer will prompt the user to determine whether to execute signed managed components. If you disable this policy se
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
users to be notified of software updates by e-mail and software packages to be automatically downloaded to (but not installed on) users' c
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
e queried to choose whether to allow information using HTML forms on pages in this zone to be submitted. If you disable this policy settin
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
op-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components. If you disable this
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
ore, or directly within a Web page saved to disk. If you disable this policy setting, users cannot preserve information in the browser's histor
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature will be on in this zone as
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
mpt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur. If you disable this policy settin
do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.
do not configure or disable this policy setting, users are asked to choose whether to allow VBScript to run.

you disable or do not configure this policy setting, the user can specify the color of links not yet clicked.
you disable or do not configure this policy setting, the user can specify the color of links already clicked.

ommand is not available.


g the entire contents that are displayed or run from a Web Page, such as graphics, scripts, and linked files, but does not prevent users from
markup language (HTML) files or as text files, but graphics, scripts, and other elements are not saved. To display the Save Web Page dialog b
can open a new browser window from the File menu. Caution: This policy does not prevent users from opening a new browser window by
his policy does not prevent users from right-clicking a link on a Web page, and then clicking the Open or Open in New Window command.

users from the Microsoft Internet Explorer Help file.

is unavailable. If you disable this policy or do not configure it, users can manage their Favorites list. Note: If you enable this policy, users a
New menu option" policy, which prevents users from opening the browser in a new window by clicking the File menu, pointing to New, and
an download programs from their browsers.
r will not be available, and users will not see printers under the Devices charm. If you disable or do not configure this policy setting, the Pri
r will not be available, and users will not see printers under the Devices charm. If you disable or do not configure this policy setting, the Pri
you disable this policy or do not configure it, users can change their Internet settings from the browser Tools menu. Caution: This policy d

wser without toolbars, which might be confusing for some beginning users.
Web page by right-clicking a Web page to open the shortcut menu, and then clicking View Source. To prevent users from viewing the HTM
n on or off automatic image resizing.
cking the icon that represents the image and then clicking Show Picture. The "Allow the display of image download placeholders" policy setti
cs in HTML5 media elements" setting on the Advanced tab in the Internet Options dialog box.
cs in HTML5 media elements" setting on the Advanced tab in the Internet Options dialog box.
user cannot change this policy setting. The "Turn off image display" policy setting must be disabled if this policy setting is enabled. If you di

If you disable this policy setting, the printing of background colors and images is turned off. The user cannot turn it on. If you do not confi

eed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Fee
eed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Fee
ou disable or do not configure this policy setting, the user can subscribe to a feed or Web Slice through the Subscribe button in Internet Exp
ou disable or do not configure this policy setting, the user can subscribe to a feed or Web Slice through the Subscribe button in Internet Exp
ick the feed discovery button.
ick the feed discovery button.

does not authenticate feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection. A de
does not authenticate feeds to servers by using the Basic authentication scheme in combination with a less secure HTTP connection. A de
sed and enabled. If you disable this policy setting, the user is prompted when a script that is running in any process on the computer attem
sed and enabled. If you disable this policy setting, the user is prompted when a script that is running in any process on the computer attem
s, if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable this policy setting, the user is prompted w
s, if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable this policy setting, the user is prompted w
any process" policy setting is enabled, the processes configured in this policy setting take precedence over that policy setting. If you enab
any process" policy setting is enabled, the processes configured in this policy setting take precedence over that policy setting. If you enab
Search button. • Display the results in the main window: When the user searches on the Address bar, the list of search results is displayed
Search button. • Display the results in the main window: When the user searches on the Address bar, the list of search results is displayed
bar, the user is directed to an external top result website determined by the search provider, if available. If you enable this policy setting, y
bar, the user is directed to an external top result website determined by the search provider, if available. If you enable this policy setting, y

URI will be interpreted as a failed URL. If you disable this policy setting, Data URI support is turned on. If you do not configure this policy s
URI will be interpreted as a failed URL. If you disable this policy setting, Data URI support is turned on. If you do not configure this policy s
the SetProcessDEPPolicy function to turn on Data Execution Prevention on platforms that support the function. This policy setting has no e
Users and developers will not be able to depend on the reveal password button being displayed in any web form or web application. If you
Users and developers will not be able to depend on the reveal password button being displayed in any web form or web application. If you
ions of Internet Explorer before Internet Explorer 8, the default connection limit for HTTP 1.1 was 2.
ions of Internet Explorer before Internet Explorer 8, the default connection limit for HTTP 1.1 was 2.

ross domains by using the XDomainRequest object. If you disable or do not configure this policy setting, websites can request data across d
ross domains by using the XDomainRequest object. If you disable or do not configure this policy setting, websites can request data across d
a through a server. If you enable this policy setting, websites cannot request data across domains by using the WebSocket object. If you di
a through a server. If you enable this policy setting, websites cannot request data across domains by using the WebSocket object. If you di

vior. If you disable this policy setting, Internet Explorer is not started automatically to complete the signup process after the branding is co
this check. If you enable this policy setting, the toolbar upgrade tool does not check for incompatible toolbars. The user is not prompted, a
this check. If you enable this policy setting, the toolbar upgrade tool does not check for incompatible toolbars. The user is not prompted, a

is policy can be used in coordination with the "Disable customizing browser toolbar buttons" policy, which prevents users from adding or re
er. If you enable this policy, the Customize option will be removed from the menu. If you disable this policy or do not configure it, users ca

the Stop and Refresh buttons are next to the Address bar by default, and the user can choose to move them.
the Stop and Refresh buttons are next to the Address bar by default, and the user can choose to move them.
selective text: Some command buttons have only text; some have icons and text. Show only icons: All command buttons have only icons. I
selective text: Some command buttons have only text; some have icons and text. Show only icons: All command buttons have only icons. I
e 16 x 16 pixels, and the user can make them bigger (20 x 20 pixels).
e 16 x 16 pixels, and the user can make them bigger (20 x 20 pixels).

updates to Internet Explorer and Internet Tools.


ot ask the user for permission to load an ActiveX control, and Internet Explorer loads the control if it passes all other internal security check
ot ask the user for permission to load an ActiveX control, and Internet Explorer loads the control if it passes all other internal security check

policy setting, the entry points and functionality associated with this feature are turned off. If you do not configure this policy setting, the u
policy setting, the entry points and functionality associated with this feature are turned off. If you do not configure this policy setting, the u
y setting, InPrivate Browsing can be turned on or off through the registry.
y setting, InPrivate Browsing can be turned on or off through the registry.
ng session. If you disable this policy setting, toolbars and BHOs are loaded by default during an InPrivate Browsing session. If you do not c
ng session. If you disable this policy setting, toolbars and BHOs are loaded by default during an InPrivate Browsing session. If you do not c
ate Filtering collection is turned on. If you do not configure this policy setting, InPrivate Filtering data collection can be turned on or off on
ate Filtering collection is turned on. If you do not configure this policy setting, InPrivate Filtering data collection can be turned on or off on
owed value range is 3 through 30. If you enable this policy setting, the selected value is enforced. If you disable or do not configure this po
owed value range is 3 through 30. If you enable this policy setting, the selected value is enforced. If you disable or do not configure this po
essions, and InPrivate Filtering data is not collected. If you disable this policy setting, InPrivate Filtering is available for use. If you do not co
essions, and InPrivate Filtering data is not collected. If you disable this policy setting, InPrivate Filtering is available for use. If you do not co
llowed value range is 3 through 30. If you enable this policy setting, the selected value is enforced. If you disable or do not configure this p
llowed value range is 3 through 30. If you enable this policy setting, the selected value is enforced. If you disable or do not configure this p
ing sessions, and Tracking Protection data is not collected. If you disable this policy setting, Tracking Protection is available for use. If you d
ing sessions, and Tracking Protection data is not collected. If you disable this policy setting, Tracking Protection is available for use. If you d
user has Accelerators that are provided through first use of the browser.
user has Accelerators that are provided through first use of the browser.
has Accelerators that are provided through first use of the browser.
has Accelerators that are provided through first use of the browser.

tring (with an additional string appended). Additionally, all Standards Mode webpages appear in Internet Explorer 7 Standards Mode. This
tring (with an additional string appended). Additionally, all Standards Mode webpages appear in Internet Explorer 7 Standards Mode. This
atibility View sites list.
atibility View sites list.
Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box. If you disable this policy setting, Intern
Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box. If you disable this policy setting, Intern

te lists are not used. Additionally, the user cannot activate the feature by using the Compatibility View Settings dialog box. If you do not co
te lists are not used. Additionally, the user cannot activate the feature by using the Compatibility View Settings dialog box. If you do not co

g on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports. If you disable o
g on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports. If you disable o
ng Enterprise Mode IE. If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.
ng Enterprise Mode IE. If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.
t included in the Enterprise Mode Site List in Microsoft Edge. Disabling, or not configuring this setting, opens all sites based on the current
t included in the Enterprise Mode Site List in Microsoft Edge. Disabling, or not configuring this setting, opens all sites based on the current
havior occurs and no additional page appears.
havior occurs and no additional page appears.
databases and application caches.
databases and application caches.
website database and caches on Website Data Settings will be unavailable to users. If you do not configure this policy setting, websites wil
website database and caches on Website Data Settings will be unavailable to users. If you do not configure this policy setting, websites wil
up policy sets the maximum data storage limit for domains that are trusted by users. When you set this policy setting, you provide the cach
up policy sets the maximum data storage limit for domains that are trusted by users. When you set this policy setting, you provide the cach
e this policy setting, you can set the maximum storage limit for all indexed databases. The default is 4 GB. If you disable or do not configure
e this policy setting, you can set the maximum storage limit for all indexed databases. The default is 4 GB. If you disable or do not configure
te database and caches on Website Data Settings will be unavailable to users. If you do not configure this policy setting, websites will be ab
te database and caches on Website Data Settings will be unavailable to users. If you do not configure this policy setting, websites will be ab
This group policy sets the maximum file storage limit for domains that are trusted by users. When you set this policy setting, you provide th
This group policy sets the maximum file storage limit for domains that are trusted by users. When you set this policy setting, you provide th
olicy setting, you can set the maximum storage limit for all application caches. The default is 1 GB. If you disable or do not configure this p
olicy setting, you can set the maximum storage limit for all application caches. The default is 1 GB. If you disable or do not configure this p
et in this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default application cache expirati
et in this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default application cache expirati
, you provide the resource limit as a number. The default is 1000 resources. If you enable this policy setting, Internet Explorer will allow the
, you provide the resource limit as a number. The default is 1000 resources. If you enable this policy setting, Internet Explorer will allow the
e this policy setting, Internet Explorer will allow the creation of application caches whose individual manifest file entries are less than or eq
e this policy setting, Internet Explorer will allow the creation of application caches whose individual manifest file entries are less than or eq
nnot change this option to start with the home page. If you disable this policy setting, Internet Explorer starts a new browsing session with
nnot change this option to start with the home page. If you disable this policy setting, Internet Explorer starts a new browsing session with

nternet Explorer dialog. Note: This policy is deprecated starting with Windows 10 version 1703.
available for the SDTK.
available for the SDTK.

uded in Site Discovery. To configure zone(s) included in site discovery, a binary number is formed based on the selected zones. The decima
uded in Site Discovery. To configure zone(s) included in site discovery, a binary number is formed based on the selected zones. The decima
es included in Site Discovery. To configure the domain(s) included in data collection for the IE Site Discovery Toolkit, Add one domain per lin
es included in Site Discovery. To configure the domain(s) included in data collection for the IE Site Discovery Toolkit, Add one domain per lin
tart the handwriting recognition error reporting tool or send error reports to Microsoft. If you disable this policy, Tablet PC users can repor
tart the handwriting recognition error reporting tool or send error reports to Microsoft. If you disable this policy, Tablet PC users can repor

der Windows Components also needs to be enabled. If you disable or do not configure this policy setting, the domain controller does not
return a referral ticket to the client for the appropriate domain. If you disable or do not configure this policy setting, the KDC will not searc
es. This policy should be applied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or do
being logged. If set too low, then there will be too many ticket warnings in the log to be useful for analysis. This value should be set to the
will contain compound authentication only when the account is explicitly configured. This policy should be applied to all domain controllers
Freshness Extension is supported on request. Kerberos clients successfully authenticating with the PKInit Freshness Extension will get the fr
note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, type a realm name. In the Value column
eros V5 realm, enable the policy setting, note the syntax, and then click Show. In the Show Contents dialog box in the Value Name column, t
at matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificat
olicy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN bec
ng as LocalSystem or NetworkService are allowed to accept these connections. Services running as identities different from LocalSystem or
server name(s) to the DNS name for the domain using the syntax described in the options pane. In the Show Contents dialog box in the Val
is not guaranteed valid. If you disable or do not configure this policy setting, the Kerberos client enforces the revocation check for the SSL
tting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service
main controllers to support this policy. If you enable this policy setting, the device's Active Directory account will be configured for compou
ext token. If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, w
support claims and compound authentication for Dynamic Access Control and Kerberos armoring. If you disable or do not configure this p
main. If you enable this policy setting and the resource domain requests compound authentication, devices that support compound authe
ptions: Automatic: Device will attempt to authenticate using its certificate. If the DC does not support computer account authentication us
tion, hash publication settings are not applied to file servers. In the circumstance where file servers are domain members but you do not wa
Cache, and it is the only type of content information that can be retrieved by client computers. For example, if you enable support for V1 ha
cipher suites: AES_128_CCM How to modify this setting: Arrange the desired cipher suites in the edit box, one cipher suite per line, in or
prefers from the list of server-supported cipher suites. Note: When configuring this security setting, changes will not take effect until you r
cipher suites: AES_128_CCM How to modify this setting: Arrange the desired cipher suites in the edit box, one cipher suite per line, in ord
common in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances
f you disable or do not configure this policy setting, Windows will prevent use of Offline Files with CA-enabled shares. Note: Microsoft doe
f you disable or do not configure this policy setting, Windows will prevent use of cached handles to files opened through CA shares. Note:
o execution policy is not configured. -- When the Diagnostic Policy Service is in the running state. When the service is stopped or disabled,
e the "Allow operation while in domain" option to allow LLTDIO to operate on a network interface that's connected to a managed network.
tional options are available to fine-tune your selection. You may choose the "Allow operation while in domain" option to allow the Respond

st for Windows Vista, Windows XP Professional, and Windows 2000 Professional. If you disable or do not configure this policy setting, Win
st for Windows Vista, Windows XP Professional, and Windows 2000 Professional. If you disable or do not configure this policy setting, Win
policy setting, the system runs the programs in the run-once list. This policy setting appears in the Computer Configuration and User Confi
policy setting, the system runs the programs in the run-once list. This policy setting appears in the Computer Configuration and User Confi

e this policy, the welcome screen is displayed each time a user logs on to the computer. This setting applies only to Windows 2000 Professi
cutable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Sy
cutable program (.exe) file or document file. To specify another name, press ENTER, and type the name. Unless the file is located in the %Sy
dentials, which results in shorter logon times. Group Policy is applied in the background after the network becomes available. Note that be

e this policy, the welcome screen is displayed each time a user logs on to the computer. This setting applies only to Windows 2000 Professi
sages are displayed to the user during these processes. Note: This policy setting is ignored if the ""Remove Boot/Shutdown/Logon/Logoff s
or do not configure this policy setting, the Switch User interface is accessible to the user in the three locations.

, Microsoft account users will see the opt-in prompt for services, and users with other accounts will see the sign-in animation. If you disab
d or custom background.

sable this policy setting, MDM Enrollment will be enabled for all users.
s policy setting, MDM will be unenrolled

edence over the "Configure search suggestions in Address bar" setting. If you enable or don't configure this setting, employees can see the
edence over the "Configure search suggestions in Address bar" setting. If you enable or don't configure this setting, employees can see the
e. If you don't configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edg
e. If you don't configure this setting, employees can choose whether to use Autofill to automatically fill in forms while using Microsoft Edg
ng for tracking info. If you don't configure this setting, employees can choose whether to send Do Not Track requests to websites asking fo
ng for tracking info. If you don't configure this setting, employees can choose whether to send Do Not Track requests to websites asking fo

whether to use Password Manager to save their passwords locally.


whether to use Password Manager to save their passwords locally.

can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If you disable this setting
can add new search engines and change the default used in the address bar from within Microsoft Edge Settings. If you disable this setting
crosoft Edge. If you don't configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft
crosoft Edge. If you don't configure this setting, employees can choose whether search suggestions appear in the Address bar of Microsoft
able this setting, Windows Defender SmartScreen is turned off and employees can't turn it on. If you don't configure this setting, employee
able this setting, Windows Defender SmartScreen is turned off and employees can't turn it on. If you don't configure this setting, employee
e how new tabs appears.
e how new tabs appears.
r regions where it's supported.
r regions where it's supported.

this setting is enabled, you must also add the default engine to the “Set default search engine” setting, by adding a link to your OpenSearch
this setting is enabled, you must also add the default engine to the “Set default search engine” setting, by adding a link to your OpenSearch
icy (aka.ms/browserpolicy). If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must
icy (aka.ms/browserpolicy). If you enable this setting, you can add up to 5 additional search engines. For each additional engine, you must
n't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings sto
n't enable both this setting and the Keep favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings sto
g, Microsoft Edge won't use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while
g, Microsoft Edge won't use the Enterprise Mode Site List XML file. In this case, employees might experience compatibility problems while

1703 or later: If you don't want to send traffic to Microsoft, you can use the <about:blank> value, which is honored for both domain- and no
1703 or later: If you don't want to send traffic to Microsoft, you can use the <about:blank> value, which is honored for both domain- and no
If you enable this setting, you can't lock down any Start pages that are configured using the "Configure Start pages" setting, which means
If you enable this setting, you can't lock down any Start pages that are configured using the "Configure Start pages" setting, which means
p favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorit
p favorites in sync between Internet Explorer and Microsoft Edge setting. Enabling both settings stops employees from syncing their favorit
ontinue to the site.
ontinue to the site.
ngs and continue the download process.
ngs and continue the download process.
f you disable or don't configure this setting, employees will see the Favorites that they set in the Favorites hub.
f you disable or don't configure this setting, employees will see the Favorites that they set in the Favorites hub.
dge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu.
dge gathers the Live Tile metadata, providing a fuller and more complete experience when a user pins a Live Tile to the Start menu.

Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to u
Microsoft, applying the updates during browser navigation. Visiting any site on the Microsoft Compatibility List prompts the employee to u
the tools that the files contain. This setting permits users to open MMC user-mode console files, such as those on the Administrative Tool
a snap-in setting in the folder is disabled or not configured, the snap-in is prohibited. -- If you disable this setting or do not configure it, all
ny snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or d
ny snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or d
ny snap-in except those explicitly permitted. To explicitly permit use of this snap-in, enable this setting. If this setting is not configured (or d
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
ng, the Group Policy tab is not displayed in those snap-ins. If this setting is not configured, the setting of the "Restrict users to the explicitly
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
e. An error message is displayed stating that policy is prohibiting the use of this snap-in. If this policy setting is not configured, the setting o
ws Mobility Center is on by default.
ws Mobility Center is on by default.
otifications and screen blanking, adjust speaker volume, and apply a custom background image. Note: Users will be able to customize their
otifications and screen blanking, adjust speaker volume, and apply a custom background image. Note: Users will be able to customize their
ng present on the device. This policy does not affect authentication performed directly by the user in browsers or in apps that use OAuth.
he daily scheduled time as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.
om delay will be applied to Automatic Maintenance. If you disable this policy setting, no random delay will be applied to Automatic Mainte
and make a wake request for the daily scheduled time, if required. If you disable or do not configure this policy setting, the wake setting a
you do not configure this policy setting, MSDT is turned on by default. This policy setting takes effect only if the diagnostics-wide scenario
ible to find the root cause of the problem. If you enable this policy setting for remote troubleshooting, MSDT prompts the user to downloa
his policy setting, MSDT cannot run in support mode, and no data can be collected or sent to the support provider. If you do not configure
nd notification of MSI application to reinstall will occur with no UI. Windows will log an event when corruption is determined and will sugge
h directories that their own permissions would not allow. This policy setting does not affect installations that run in the user's security con
ault, users can install from removable media when the installation runs in their own security context. If you disable or do not configure this
isable or do not configure this policy setting, by default, only system administrators can apply patches during installations with elevated pr
Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or c
Panel. This profile setting lets users install programs that require access to directories that the user might not have permission to view or c
indows Installer to use Restart Manager to detect files in use and mitigate a system restart, when possible. -- The "Restart Manager Off" op
tting applies even when the installation is running in the user's security context. If you disable or do not configure this policy setting, the B
ry values. The Installer will analyze the patch for specific changes to determine if optimization is possible. If so, the patch will be applied us
settings on" option instructs Windows Installer to automatically generate log files for packages that include the MsiLogging property. -- The
his policy setting, users can install from removable media when the installation is running in their own security context, but only system adm
tall and upgrade software. This is the default behavior for Windows Installer on Windows 2000 Professional, Windows XP Professional and
o installations that run in the user's security context. If you disable or do not configure this policy setting, by default, users who are not sys
Installer cannot restore the computer to its original state if the installation does not complete. This policy setting is designed to reduce the
Installer cannot restore the computer to its original state if the installation does not complete. This policy setting is designed to reduce the
event users from changing installation options typically reserved for system administrators, such as specifying the directory to which files a
ndows Installer based applications. If you disable or do not configure this policy setting, users without administrative privileges can install
computer by a user or an administrator. The Windows Installer can still remove an update that is no longer applicable to the product. If yo
r do not configure this policy setting, by default, the Windows Installer automatically creates a System Restore checkpoint each time an ap
finds a per-user install of an application, this hides a per-computer installation of that same product. If you enable this policy setting and "H
identified by the original GUID appears to be removed and the component as identified by the new GUID appears as a new component. (2
modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0, the Windows Installer will st
d list as many or as few event types as you want. To disable logging, delete all of the letters from the box. If you disable or do not configure
nstallation to proceed. This policy setting is designed for enterprises that use Web-based tools to distribute programs to their employees. H
urce in the order that you want Windows Installer to search: -- "n" represents the network; -- "m" represents media; -- "u" represents
o repeat an installation in which the transform file was used, therefore, the user must be using the same computer or be connected to the

mation before sending the message.

onfiguration, including sending all DNS queries to the local intranet or Internet DNS servers. Note that NCA does not remove the existing IPs

ING:myserver.corp.contoso.com or PING:2002:836b:1::1. Note We recommend that you use FQDNs instead of IPv6 addresses wherever p
re are typically two IPsec tunnel endpoints: one for the infrastructure tunnel and one for the intranet tunnel. You should configure one end
If you enable this policy setting, the DCs to which this policy setting applies will attempt to verify a password with the PDC emulator if the
of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag. If the value of this setting is less than the value specified in the Ne
Final DC Discovery Retry Setting is reached. The default value for this setting is 60 minutes (60*60). The maximum value for this setting is 4
ue in the Use maximum DC discovery retry interval policy setting, the value for Use maximum DC discovery retry interval policy setting is us
(49*24*60*60=4233600). Any larger value is treated as infinity. The minimum value for this setting is to always refresh (0).
47 is commonly used as an optimal setting. If you specify zero for this policy setting, the default behavior occurs as described above. If you

ilable storage should be specified. If you disable or do not configure this policy setting, the default behavior occurs as indicated above.
The minimum value for this setting is 0. Warning: If the value for this setting is too large, a client will not attempt to find any DCs that wer
sable or do not configure this policy setting, the Netlogon share will grant shared read access to files on the share when exclusive access is
s 30 minutes (1800). The maximum value for this setting is (4294967200), while the maximum that is not treated as infinity is 49 days (49*2
se operations are critical. 15 minutes is optimal in all but extreme cases. For instance, if a DC is separated from a trusted domain by an expe
ers its site from Active Directory. If you do not configure this policy setting, it is not applied to any computers, and computers use their loc
tting is disabled or not configured, the SYSVOL share will grant shared read access to files on the share when exclusive access is requested an
me. If you enable this policy setting, computers to which this policy is applied will attempt to locate a domain controller hosting an Active D
ng is specified for this policy, the behavior is the same as explicitly enabling this policy, unless the AllowSingleLabelDnsDomain policy settin
ied dynamically register DC Locator site-specific DNS SRV records for the closest sites where no DC for the same domain, or no Global Cata
ess A <DnsDomainName> Ldap SRV _ldap._tcp.<DnsDomainName> LdapAtSite SRV _ldap._tcp.<SiteName>._sites.<DnsDo
periodically reregister their records with DNS servers, even if their records’ data has not changed. If authoritative DNS servers are configure
olicy setting, it is not applied to any DCs, and DCs use their local configuration.
ds and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the GC. An Active Dire
mpt to contact the first reachable host with the lowest priority number listed. To specify the Priority in the DC Locator DNS SRV resource re
n the SRV records Target field and are all set to the same priority. The probability with which the DNS client randomly selects the target ho
NS SRV records for those sites without a DC that are closest to it. The application directory partition DC Locator DNS records and the site-s
rds are dynamically registered by the Net Logon service, and they are used to locate the DC. An Active Directory site is one or more well-co
ed network connections. If you disable this policy setting, DCs will not register DC Locator DNS resource records. If you do not configure th
Locator is to find a DC in the same site. If none are found in the same site, a DC in another site, which might be several site-hops away, coul
uirements and is running, DC Locator will continue to return it. If a new domain controller is introduced, existing clients will only discover it
pplications. So this policy is provided to support such scenarios. By default, DC Locator APIs can return IPv4/IPv6 DC address. But if some ap
nclude them in the negotiation of cryptography algorithms. Therefore, computers running Windows NT 4.0 will not be able to establish a co
y if a remote DC responds to the mailslot message. This policy setting is recommended to reduce the attack surface on a DC, and can be us
s not use site information. Hence it does not ensure that clients will discover the closest DC. It also allows a hub-site client to discover a bra
P addresses which may then be used to compute a matching site for the client. The allowable values for this setting result in the following b
cator to be more aggressive about trying to locate a DC in such an environment, by pinging DCs at a higher frequency. Enabling this setting
components in the Windows Components Wizard. Important: If the "Enable Network Connections settings for Administrators" is disabled
setting), the Advanced Settings item is disabled for administrators. Important: If the "Enable Network Connections settings for Administra
s DNS and WINS server information. Important: If the "Enable Network Connections settings for Administrators" is disabled or not configur
not apply. The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements tog
Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 c
s\Application Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection. If you disable this setting (and enab
mportant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to admin
nces item is disabled for all users (including administrators). Important: If the "Enable Network Connections settings for Administrators" is d
Windows XP Professional do not have the ability to prohibit the use of features from Administrators. If you enable this setting, the Window
o the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be
Network Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections s
ons settings for Administrators" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all
not open the Local Area Connection Properties dialog box. Important: If the "Enable Network Connections settings for Administrators" is d
portant: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to adminis
freshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting w
Properties dialog box is available to users. If you enable this setting, a Properties menu item appears when any user right-clicks the icon fo
abled for all users (including administrators). Important: If the "Enable Network Connections settings for Administrators" is disabled or not
abled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not
ccess Connection Properties dialog box for a private connection is available to users. If you enable this setting (and enable the "Enable Net
by using the File menu. If you disable this setting, the Rename option is disabled for nonadministrators only. If you do not configure the s
ote access connections is disabled for all users (including Administrators and Network Configuration Operators). Important: If the "Enable
ors and Network Configuration Operators can rename LAN connections Note: This setting does not apply to Administrators. Note: When t
disabled for all users (including administrators). Important: If the "Enable Network Connections settings for Administrators" is disabled or
g, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Proper
atus dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection a

through the local default gateway. If you enable this policy setting, all traffic between a remote client computer running DirectAccess and
ty. However, in most situations Windows Network Isolation will be able to correctly discover proxies. By default, any proxies configured wit
o not configure this policy setting, Windows Network Isolation attempts to discover proxies and configures them as Internet nodes. This s
work Isolation attempts to automatically discover private network hosts. By default, the addresses configured with this policy setting are m
able or do not configure this policy setting, Windows Network Isolation attempts to automatically discover your proxy server addresses. Fo
classified as private. If you disable or do not configure this policy setting, Windows Network Isolation attempts to automatically discover yo
oud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy

ou create within a folder that is available offline are made available offline when the parent folder is synchronized. If you disable this settin
C path to the file or folder. Leave the Value column field blank. If you disable this policy setting, the list of files or folders made always avail
C path to the file or folder. Leave the Value column field blank. If you disable this policy setting, the list of files or folders made always avail
"0" if users can work offline when they are disconnected from this server, or type "1" if they cannot. This setting appears in the Computer
"0" if users can work offline when they are disconnected from this server, or type "1" if they cannot. This setting appears in the Computer
m automatically stores a copy of the file on the user's computer. This setting does not limit the disk space available for files that user's make
g, Offline Files is enabled on Windows client computers, and disabled on computers running Windows Server, unless changed by the user. N
copy on the local computer is affected, but the associated network copy is not. The user cannot unencrypt Offline Files through the user in
corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding le
corresponding to the events you want the system to log. The levels are cumulative; that is, each level includes the events in all preceding le
splayed in the Synchronization Manager progress dialog box: "Files of this type cannot be made available offline." This setting is designed t
"Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. -- "Never go offline" indi
"Work offline" indicates that the computer can use local copies of network files while the server is inaccessible. -- "Never go offline" indi
copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline fi
copies of files available offline. Also, it does not prevent them from using other programs, such as Windows Explorer, to view their offline fi
is a comprehensive setting that locks down the configuration you establish by using other settings in this folder. This setting appears in the
is a comprehensive setting that locks down the configuration you establish by using other settings in this folder. This setting appears in the
that they want to make available offline. Notes: This policy setting appears in the Computer Configuration and User Configuration folders
that they want to make available offline. Notes: This policy setting appears in the Computer Configuration and User Configuration folders
e or folder. Leave the Value column field blank. If you disable this policy setting, the list of files and folders is deleted, including any lists inh
e or folder. Leave the Value column field blank. If you disable this policy setting, the list of files and folders is deleted, including any lists inh
playing them. If you disable the setting, the system displays the reminder balloons and prevents users from hiding them. If this setting is n
playing them. If you disable the setting, the system displays the reminder balloons and prevents users from hiding them. If this setting is n
ter offline use. Caution: Files are not synchronized before they are deleted. Any changes to local files since the last synchronization are lost
appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval. This setting appears in th
appear every 60 minutes and are displayed for 15 seconds. You can use this setting to change the update interval. This setting appears in th
of the first reminder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, th
of the first reminder. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, th
This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Compute
This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Compute
an configure the threshold value that will be used to determine a slow network connection. If this setting is disabled or not configured, the
his setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure th
his setting, the system only performs a quick synchronization. Quick synchronization ensures that files are complete, but does not ensure th
g this setting automatically enables logon synchronization in Synchronization Manager. If this setting is disabled and Synchronization Mana
g this setting automatically enables logon synchronization in Synchronization Manager. If this setting is disabled and Synchronization Mana
disable or do not configuring this setting, files are not synchronized when the computer is suspended. Note: If the computer is suspended
disable or do not configuring this setting, files are not synchronized when the computer is suspended. Note: If the computer is suspended
nchronized at logon.
user working offline. If you enable this policy setting, Offline Files uses the slow-link mode if the network throughput between the client a
s on the Offline Files cache. This prevents users from trying to change the option while a policy setting controls it. If you enable this policy
'Sync Interval' and 'Sync Variance' values to override the default sync interval and variance settings. Use 'Blockout Start Time' and 'Blockou
ry and are not available to the user when offline. The cached files are not kept in sync with the version on the server, and the most current
e been made available offline.

d, synchronization will not run in the background on network folders when the user's network is roaming, near, or over the plan's data limi

will be turned on.


hat other computers can find it when needed. If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this regi
ctions exist between peers so that a node in the PNRP cloud can resolve names published by other nodes. PNRP creates a global cloud if th
computer cannot register PNRP names, and cannot help other computers perform PNRP lookups. If you disable or do not configure this p
lf. This setting provides the added flexibility of allowing your users to use their peer-to-peer applications at home as well. Here are the fou
o that other computers can find it when needed. If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this re
ctions exist between peers so that a node in the PNRP cloud can resolve names published by other nodes. PNRP creates a global cloud if th
computer cannot register PNRP names, and cannot help other computers perform PNRP lookups. If you disable or do not configure this p
nable, and then enter a semicolon-delimited list of IPV6 addresses in the available field. If you enable this setting and you don’t enter any a
o that other computers can find it when needed. If you enable this setting, PNRP will not use multicast for bootstrapping. Specifying this re
ctions exist between peers so that a node in the PNRP cloud can resolve names published by other nodes. PNRP creates a global cloud if th
computer cannot register PNRP names, and cannot help other computers perform PNRP lookups. If you disable or do not configure this p
nable, and then enter a semicolon-delimited list of DNS names or IPV6 addresses in the available field. If you enable this setting and you do
havior. If set to 1, then this validation will not be performed and any password will be allowed. If set to 0, the validation will be performed
s for any user. If you do not configure this policy setting, users can provision Windows Hello for Business as a convenience credential that e
s for any user. If you do not configure this policy setting, users can provision Windows Hello for Business as a convenience credential that e
sable or do not configure this policy setting, the TPM is still preferred, but all devices may provision Windows Hello for Business using softw
stures. NOTE: Disabling this policy prevents the user of biometric gestures on the device for all account types.
e device to decrypt. PIN recovery requires the user to perform multi-factor authentication to Azure Active Directory. If you enable this poli
ing the use of a phone as a companion device for desktop authentication. If you disable or do not configure this policy setting, phone sign-
number. If you disable or do not configure this policy setting, the PIN length must be greater than or equal to 4. NOTE: If the above specifie
er. If you disable or do not configure this policy setting, the PIN length must be less than or equal to 127. NOTE: If the above specified cond

abling or not configuring this policy setting and enabling the "Use Windows Hello for Business" policy setting requires the environment to
abling or not configuring this policy setting and enabling the "Use Windows Hello for Business" policy setting requires the environment to
or from each list to successfully unlock. If you disable or do not configure this policy setting, users can continue to unlock with existing unl

ness credentials compatible with smart card applications. NOTE: This policy affects Windows Hello for Business credentials at the time of cr
not allow the enumeration of provisioned Windows Hello for Business credentials for other users on the same device. This policy setting is
tibility mode or get help online through a Microsoft website. If you disable this policy setting, the PCA does not detect compatibility issues

ted Cache Servers Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings are not ap
of the following: - Not Configured. With this selection, BranchCache client computer cache settings are not applied to client computers by
nch office. In addition, when the hosted cache client obtains content from a content server, the client can upload the content to the hosted
the content to other BranchCache distributed cache mode clients in the branch office. Policy configuration Select one of the following: -
r this setting, which is the maximum round trip network latency allowed before caching begins, clients do not cache content until the netw
l prefer both these servers and hosted cache mode rather than manual BranchCache configuration or BranchCache configuration by other
enable this policy setting, all clients use the version of BranchCache that you specify in "Select from the following versions." If you do not c
onfigure client computers that are configured for hosted cache mode with the computer names of the hosted cache servers in the branch
omputer cache age settings are not applied to client computers by this policy. In the circumstance where client computers are domain mem

hen detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect Windows B
ogged to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DP
vent log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect W
vent log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS will detect
rfTrack by default.

users control this setting.


ntrol this setting.
e "Low Battery Notification Action" policy setting is configured to "No Action". If you disable or do not configure this policy setting, users ca
d8e50083), indicating the power plan to be active. If you disable or do not configure this policy setting, users can see and change this setti

r performing a resume operation.

screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" pol

hen the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy settin

screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" pol

hen the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" policy settin

t configure this policy setting, users control this setting.


t configure this policy setting, users control this setting.
achine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to
achine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" policy setting can be used to

nitiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown(). If you enable

you disable or do not configure this policy setting, users control this setting.
you disable or do not configure this policy setting, users control this setting.

sition to sleep. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to ru
sition to sleep. If you disable or do not configure this policy setting, users control this setting. If the user has configured a slide show to ru
ut is used to determine if Windows should automatically sleep.
ut is used to determine if Windows should automatically sleep.

is policy setting, users control this setting.


is policy setting, users control this setting.

un; scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to r
un; scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to r
g of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the
g of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the
ocuments directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this
ocuments directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this
ript Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or
ript Block Invocation Logging, PowerShell additionally logs events when invocation of a command, script block, function, or script starts or
ot configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet. Note: This policy s
ot configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet. Note: This policy s
a previous version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media
a previous version corresponding to a backup. If the Restore button is clicked, Windows attempts to restore the file from the backup media
olicy setting, it defaults to disabled.
olicy setting, it defaults to disabled.
he user clicks the Restore button, Windows attempts to restore the file from the local disk. If you do not configure this policy setting, it is di
he user clicks the Restore button, Windows attempts to restore the file from the local disk. If you do not configure this policy setting, it is di
s disabled by default.
s disabled by default.
file on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share. If you do not configure thi
file on a file share. If the user clicks the Restore button, Windows attempts to restore the file from the file share. If you do not configure thi
le this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk
le this policy setting, users can see previous versions corresponding to backup copies as well as previous versions corresponding to on-disk
be installed, and printing support and this setting must be enabled. Note: This setting affects the server side of Internet printing only. It do
may also be capable of isolating print drivers, depending on whether they are configured for it. If you enable or do not configure this polic
o not enter an alternate Internet address, the default link will appear in the Printers folder. Note: Web pages links only appear in the Printe
zard will display the default number of printers of each type: Directory printers: 20 TCP/IP printers: 0 Web Services printers: 0 Bluetooth
dio button on Add Printer Wizard's page 3, and do not specify a printer name in the adjacent "Name" edit box, then Add Printer Wizard disp
at the expense of increasing the load on the server. If you disable this policy setting on a client machine, the client itself will process print j

rnet or on a home or office network" option. When users click Browse, the system opens an Internet browser and navigates to the specified
Professional. If you do not configure this setting on Windows Server 2003 family products, the installation of kernel-mode printer drivers w
If they try, a message appears explaining that the setting prevents the action. However, this setting does not prevent users from using the
the methods described above.
mber of printers of each type: TCP/IP printers: 50 Web Services printers: 50 Bluetooth printers: 10 Shared printers: 50 If you would like to
e point and print only.
on-package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this polic
e point and print only.
on-package point and print connection anytime a package point and print connection fails, including attempts that are blocked by this polic
rinters. The value you type here overrides the actual location of the computer conducting the search. Type the location of the user's comp
ximity to computers. If you enable this setting, users can browse for printers by location without knowing the printer's location or location
t driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection
t driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection
ory searches for printers. It does not restrict user searches through Active Directory.
en if Active Directory is not available. If you do not configure this setting, shared printers are announced to browse master servers only wh
cy setting, the print spooler will execute print drivers in the print spooler process. Notes: -Other system or driver policy settings may alter
ng, the print spooler uses the Driver Isolation compatibility flag value reported by the print driver. Notes: -Other system or driver policy setti
cal driver store and server driver cache for compatible Point and Print drivers. If it is unable to find a compatible driver, then the Point and P
ng or do not configure it, then all printer extensions that have been installed will be allowed to run.
atically publish shared printers in Active Directory. Note: This setting is ignored if the "Allow printers to be published" setting is disabled.
objects from Active Directory when the computer that published them does not respond to contact requests. Computers running Windows
y default, the pruning service contacts computers every eight hours and allows two repeated contact attempts before deleting printers fro
preempted by higher priority threads. By default, the pruning thread runs at normal priority. However, you can adjust the priority to impr
mputer still fails to respond, then the pruning service "prunes" (deletes from Active Directory) printer objects the computer has published.
fied interval. The "Directory pruning retry" setting determines the number of times the attempt is retried; the default value is two retries. T
le. Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
cation interval. To disable verification, disable this setting, or enable this setting and select "Never" for the verification interval.
nable this setting or do not configure it, the domain controller prunes this computer's printers when the computer does not respond. If yo
ministrator also appear in the Programs Control Panel. If this setting is disabled or not configured, the Programs Control Panel in Category V
ed Programs Control Panel Features including Windows Features, Get Programs, or Windows Marketplace.
dates" page will be available to all users. This setting does not prevent users from using other tools and methods to install or uninstall prog
d other locations. If this setting is disabled or not configured, the Set Program Access and Defaults button is available to all users. This setti
ce using other methods. If this feature is disabled or is not configured, the "Get new programs from Windows Marketplace" task link will b
ose programs that the system administrator has explicitly made available to the user with a tool such as Windows Installer. Typically, system
tting does not prevent users from using other tools and methods to configure services or enable or disable program components.

ervice type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service type is sp
Controlled Load service type. If you disable this setting, the system uses the default DSCP value of 24 (0x18). Important: If the DSCP value
eed service type. If you disable this setting, the system uses the default DSCP value of 40 (0x28). Important: If the DSCP value for this serv
Network Control service type. If you disable this setting, the system uses the default DSCP value of 48 (0x30). Important: If the DSCP valu
e service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service type is s
Effort service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service typ
th the Controlled Load service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value fo
Guaranteed service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this servic
with the Network Control service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value
alitative service type. If you disable this setting, the system uses the default DSCP value of 0. Important: If the DSCP value for this service t
ble this setting, you can limit the number of outstanding packets. If you disable this setting or do not configure it, then the setting has no e
ount of bandwidth the system can reserve. If you disable this setting or do not configure it, the system uses the default value of 80 percent
re it, the setting has no effect on the system. Important: If a timer resolution is specified in the registry for a particular network adapter, th
mportant: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignored
ity value of 0. Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this s
0. Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ign
ority value of 0. Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, thi
e Layer-2 priority value for nonconforming packets is specified in the registry for a particular network adapter, this setting is ignored when c
Important: If the Layer-2 priority value for this service type is specified in the registry for a particular network adapter, this setting is ignore
em reliability information. If you disable this policy setting, Reliability Monitor will not display system reliability information, and WMI-cap
to the event log when detected, but no corrective action will be taken. If you select detection, troubleshooting and resolution, the DPS wil
condition") appears on the "Advanced recovery methods" page of Recovery (in Control Panel) and will allow the user to restore the compu
rsistent System Timestamp is turned off and the timing of unexpected shutdowns is not recorded. If you do not configure this policy settin
et to "Upload unplanned shutdown events" by default. Also see the "Configure Error Reporting" policy setting.
ate Data feature is never activated. If you do not configure this policy setting, the default behavior for the System State Data feature occurs
e this policy setting and choose "Server Only" from the drop-down menu list, the Shutdown Event Tracker is displayed when you shut down
ning this version (or later versions) of the operating system can connect to this computer. If you disable this policy setting, computers runni
tions: -Use 16-bit color (8-bit color in Windows Vista) -Turn off font smoothing (not supported in Windows Vista) -No full window drag -Tu
able this policy setting, the warning message you specify overrides the default message that is seen by the novice. If you disable this polic
s computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connecti
mote Assistance. If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support s
d, the access right does not take effect until the operating system is restarted.
d, the access right does not take effect until the operating system is restarted.

h is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Driv


h is located in "Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Driv

torage classes.
torage classes.

ervice, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server. If you enable this policy setting, R
nterfaces (APIs). If you disable this policy setting, the RPC Runtime only generates a status code to indicate an error condition. If you do no
pplications written for the traditional delegation model prior to Windows Server 2003 may not use this flag and will encounter RPC_S_SEC_
e the RPC Runtime and the RPC/HTTP Proxy to use a lower connection timeout. This policy setting is only applicable when the RPC Client,
ffected machine. This policy setting should never be applied to a domain controller. If you disable this policy setting, the RPC server runtim
ults to "Auto2" level. If you enable this policy setting, you can use the drop-down box to determine which systems maintain RPC state info
nds box, you can type a number from 1 to 32,000 for the number of seconds you want the system to wait for the set of scripts to finish. To
Windows 2000 does not display logon scripts written for Windows NT 4.0 and earlier. If you disable or do not configure this policy setting, W
d users. If you disable or do not configure this policy setting, the instructions are suppressed.
u disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously. This p
u disable or do not configure this policy setting, the logon scripts and File Explorer are not synchronized and can run simultaneously. This p
sers. If you disable or do not configure this policy setting, the instructions are suppressed.
omputer startup and shutdown. For example, assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This polic
ple, assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and G
ple, assume the following scenario: There are three GPOs (GPO A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and G
ow. If you disable or do not configure this policy setting, the instructions are suppressed.
not configure this policy setting, a startup cannot run until the previous script is complete. Note: Starting with Windows Vista operating sy
d for advanced users. If you disable or do not configure this policy setting, the instructions are suppressed. Note: Starting with Windows V
onfigure this policy setting, user account cross-forest, interactive logging cannot run logon scripts if NetBIOS or WINS is disabled, and the D
ally signed packages.
ess or run the troubleshooting tools from the Control Panel. Note that this setting also controls a user's ability to launch standalone troubl
onfigure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Micro
Windows will resolve some of these problems silently without requiring user input. If you disable this policy setting, Windows will not be a
isabled by default.
isabled by default.
figure this policy setting, the local setting, configured through Control Panel, will be used. By default, the Control Panel setting is set to not

ng, configured through Control Panel, will be used. Note: By default, the Control Panel setting is set to treat words that differ only because o
anguages. If you disable or do not configure this policy setting, Windows will use automatic language detection only when it can determine
can be indexed.
performs a query in Search. If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the
he web over metered connections and web results will be displayed when a user performs a query in Search. If you don't configure this po
some Microsoft account info to personalize their search and other Microsoft experiences. -Anonymous info: Share usage information bu
h results. If you disable or don't configure this policy setting, users can specify the SafeSearch setting.
shared or not shared on this computer, and automatically adds them to or removes them from the index.
will not be visible. When the policy is disabled, both the Add and Remove locations options as well as any previously specified user location
s the default for this policy setting.

as no effect on delegate mailboxes. To stop indexing of online and delegate mailboxes you must disable both policies.
gate mailbox, ensure that for Microsoft Outlook 2007 no portions of the delegate mailbox are cached locally. The default behavior for Searc
nute. If you disable this policy, then online mail items will be indexed at the speed that the Microsoft Exchange server can support. If you se

SharePoint Portal Server, your query should resemble the following: http://sitename/Search.aspx?k=$w If your intranet search service is W
. 2) The URL to the search service. Use $w in place of the query term for the search service URL. If your intranet search service is SharePo
r. When this policy is disabled or not configured, the preview pane shows automatically to the right of the Desktop Search results, and you
not configured, the default is small icon view.

deploy a particular iFilter, make sure that this iFilter is on the allow list, either as a GUID such as {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (inc
fied in the Group Policy under "User Configuration." To restrict a file system path from indexing, please specify the file system path to be ind

y under "User Configuration." To include a file system path for indexing, please specify the file system path to be indexed under the "Comp

the Group Policy under "User Configuration." To restrict a file system path from indexing, please specify the file system path to be indexed
e default list of excluded file types. If you enable and then disable this policy, the user's original list is restored. If you want to specify an ini

puter's security. When Security Center is not enabled on the domain, neither the notifications nor the Security Center status section are dis

he server. However, if the "Do not show me this console at logon" (Windows Server 2008 and Windows Server 2008 R2) or “Do not start Se
l specified in the policy setting instead of the “Configure Refresh Interval” setting (in Windows Server 2008 and Windows Server 2008 R2),
gs on to the server. If you do not configure this policy setting, the Initial Configuration Tasks window is displayed when an administrator log
the "Don’t display this page at logon" option at the bottom of the Manage Your Server page, the page is not displayed.
ust enter the fully qualified path to the new location in the ""Alternate source file path"" text box. Multiple locations can be specified when
sable this setting, "sync your settings" is on by default and configurable by the user.
f the "app settings" group is on by default and configurable by the user.
passwords" group is on by default and configurable by the user.
he "personalize" group is on by default and configurable by the user.
oup is on by default and configurable by the user.
f you do not set or disable this setting, syncing of the "Other Windows settings" group is on by default and configurable by the user.
you do not set or disable this setting, syncing of the "desktop personalization" group is on by default and configurable by the user.
syncing is turned off by default but not disabled. If you do not set or disable this setting, syncing of the "browser" group is on by default a
metered connections is configurable by the user.
rt layout" group is on by default and configurable by the user.

ransmits them to Microsoft over a secure connection. If you enable this policy, Tablet PC users cannot choose to share writing samples fro
ransmits them to Microsoft over a secure connection. If you enable this policy, Tablet PC users cannot choose to share writing samples fro
default is to allow shared folders to be published when this setting is not configured.
tion is disabled. Note: The default is to allow shared folders to be published when this setting is not configured.
ng wizard. Also, the sharing wizard cannot create a share at %root%\users and can only be used to create SMB shares on folders. If you di
data on a domain-joined computer is not shared with the homegroup. This policy setting is not configured by default. You must restart the
un Cmd.exe and batch files normally. Note: Do not prevent the computer from running batch files if the computer uses logon, logoff, startu

rom running programs such as Task Manager, which are started by the system process or by other processes. Also, if users have access to
m running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the
nd unsigned gadgets.
nd unsigned gadgets.

oad photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with O
this setting is not enabled, the OneDrive sync client will start automatically when users sign in to Windows. If you enable or disable this se
automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features

e apps will still be able to access OneDrive using the WinRT API. If you enable or do not configure this policy setting, users with a connecte
g attributes can also be used to log on with a smart card: - Certificates with no EKU - Certificates with an All Purpose EKU - Certificates wit
do not configure this policy setting then the integrated unblock feature will not be available.
termined to be the same if they are issued from the same template with the same major version and they are for the same user (determin
ct your smart card vendor to determine if your smart card and associated CSP supports the required behavior. If you enable this setting, th

olicy setting certificates will be listed on the logon screen regardless of whether they have an invalid time or their time validity has expired

g then root certificates will not be propagated from the smart card.
l be displayed to the user when the smart card is blocked, if the integrated unblock feature is enabled.
will be displayed along with "[email protected]." If the UPN is not present then the entire subject name will be displayed. This setting c
nufacturer to find out whether you will be affected by this policy setting.
policy setting, an optional field that allows users to enter their user name or user name and domain will not be displayed.
t be installed when a card is inserted in a Smart Card Reader. Note: This policy setting is applied only for smart cards that have passed the W
etting is applied only for smart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.
er's ability to log on to a domain. ECC certificates on a smart card that are used for other applications, such as document signing, are not aff
ot appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you en
ou do not configure this setting, users will be able to choose their own setting for App Install Control.
able this setting, Windows Defender SmartScreen is turned off and employees can't turn it on. If you don't configure this setting, employee
able this setting, Windows Defender SmartScreen is turned off and employees can't turn it on. If you don't configure this setting, employee
ontinue to the site.
ontinue to the site.
s, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SN
uter on the network. The manager's role is to poll the agents for certain requested information. If you enable this policy setting, the SNMP
ommunity sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management syste

n download them from a Microsoft service using the Background Internet Transfer Service (BITS).
ch is part of the File Server Resource Manager role service. If you enable this policy setting, the Classification tab is displayed. If you disab
ource Manager role service. If you enable this policy setting, you can select which list of properties is available for classification on the affe
file servers on which this policy setting is applied. If you disable this policy setting, users see a standard Access Denied message that doesn
re results" link.
link on the start menu.

ou disable or do not configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and th
ername> item from the Start Menu. If you disable this setting or do not configure it, users can use the Display Logoff item to add and remo
do not configure it, all Start menu shortcuts appear as black text. Note: Enabling this setting can make the Start menu slow to open.
alized Menus" option so users do not try to change the setting while a setting is in effect. Note: Personalized menus require user tracking.
the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties. If you disable this setti
s such, they share the memory space allocated to the VDM process and cannot run simultaneously. Enabling this setting adds a check box
If you enable this setting, the system notification area expands to show all of the notifications that use this area. If you disable this setting
my programs gone" on the Start menu, and "Where have my icons gone" in the notification area. If you disable this setting or do not config
condary tile, enter the customize mode and rearrange tiles within Start and Apps.
id when the user logged off, including the history of previous notifications for each tile. This setting does not prevent new notifications fro

ayout PowerShell cmdlet on that same device. The cmdlet will generate an XML file representing the layout you configured. Once the XML
ayout PowerShell cmdlet on that same device. The cmdlet will generate an XML file representing the layout you configured. Once the XML
m the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE
m the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE
u\Programs.
roperties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favor
ers press the Application key (the key with the Windows logo)+ F. Note: Enabling this policy setting also prevents the user from using the F3

nning Help.
used programs in the Start Menu. Also, see these related policy settings: "Remove frequent programs liist from the Start Menu" and "Turn
on and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On. Selecting "Remove and disable setting" will rem
xplorer, but if users try to start it, a message appears explaining that a setting prevents the action. If you disable or do not configure this po

rams do not display shortcuts at the bottom of the File menu. In addition, the Jump Lists off of programs in the Start Menu and Taskbar do
users cannot turn the menu on. If you later disable the setting, so that the Recent Items menu appears in the Start Menu, the document
paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. I
searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to
---Accessing local drives: e.g., C: --- Accessing local folders: e.g., \temp> Also, users with extended keyboards will no longer be able to di
methods, such as right-clicking the desktop to start Display or right-clicking Computer to start System. If you disable or do not configure th
available from Settings on the Start menu.
well as which programs are accessible from the Start menu, desktop, and other locations. If you disable or do not configure this policy setti
g effective, you must log off and then log on. If you disable or do not configure this policy setting, he Documents icon is available from the

might confuse users, you can use this setting to hide user-specific folders. Note that this setting hides all user-specific folders, not just tho
e this setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons. If you disa

e taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose.
rs to the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only t
users from using other methods to issue the commands that appear on these menus.
oolbars (if any), and the system clock. If this setting is disabled or is not configured, the notification area is shown in the user's taskbar. No
policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003.
enu in Internet Explorer. Windows Update, the online extension of Windows, offers software updates to keep a user’s system up-to-date. T

do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item. This policy setting affects th

will be set to Shut Down by default, and the user can change this setting to another action.
vent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as differe

e to switch between the Apps view and the Start screen. Also, the user will be able to configure this setting.

d first when the apps are sorted by category, and the user can configure this setting.
n the main display when the user presses the Windows logo key. Users will still be able to open Start on other displays by pressing the Start

ou enable this policy setting, the option to configure System Restore through System Protection is disabled. If you disable or do not config
he option to configure System Restore or create a restore point through System Protection is also disabled. If you disable or do not configu
able to configure this setting in the Input Panel Options dialog box. If you disable this policy, application auto complete lists will appear nex
able to configure this setting in the Input Panel Options dialog box. If you disable this policy, application auto complete lists will appear nex
dialog box. If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this
dialog box. If you disable this policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will not be able to configure this
appear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Pane
appear next to text entry areas when using a tablet pen as an input device. Users will not be able to configure this setting in the Input Pane
xt to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog b
xt to any text entry area when a user is using touch input. Users will not be able to configure this setting in the Input Panel Options dialog b
ables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy an
ables you to use handwriting or an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy an
ng panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter
ng panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) enables you to use handwriting or an on-screen keyboard to enter
keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy and choose “All” from the drop-down menu, no
keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy and choose “All” from the drop-down menu, no
to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will not provide text prediction suggestions.
to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, Input Panel will not provide text prediction suggestions.
ure this policy, applications can be launched from a hardware button.
ure this policy, applications can be launched from a hardware button.
ailable. If you do not configure this policy, press and hold actions will be available.
ailable. If you do not configure this policy, press and hold actions will be available.

icks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable
icks tray icon and pen flicks training (that can be accessed through CPL) are still available. Conceptually this policy is a subset of the Disable

ons will appear as toast notifications. A reboot is required for this policy setting to take effect.

ack the files that the user opens locally on this computer. Files that the user opens over the network from remote computers are not tracke
ble or do not configure this policy setting, users can change the programs currently pinned to the Taskbar.
les, folders, websites, and other items to a program's Jump List so that the items is always present in this menu.

ble to review any notifications they miss. If you disable or do not configure this policy setting, Notification and Security and Maintenance w

by default. If you enable this policy setting, users can show an additional calendar in either Simplified Chinese (Lunar) or Traditional Chines
task, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu an
task, they must select a program from the list in the Scheduled Task Wizard, which displays only the tasks that appear on the Start menu an
sheet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power manageme
sheet allows users to change task characteristics such as: the program the task runs, details of its schedule, idle time and power manageme
ogram into the Scheduled tasks folder. This setting does not prevent users from using other methods to create new tasks, and it does not p
ogram into the Scheduled tasks folder. This setting does not prevent users from using other methods to create new tasks, and it does not p
onfiguration takes precedence over the setting in User Configuration.
onfiguration takes precedence over the setting in User Configuration.
nd changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its secur
nd changing characteristics such as the program the task runs, its schedule details, idle time and power management settings, and its secur
tion takes precedence over the setting in User Configuration. Important: This setting does not prevent administrators of a computer from u
tion takes precedence over the setting in User Configuration. Important: This setting does not prevent administrators of a computer from u
ders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. Impor
ders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. Impor
g, you can configure ISATAP with one of the following settings: Policy Default State: If the ISATAP router name is resolved successfully, the

do not configure this policy setting, the local host setting is used. If you enable this policy setting, you can configure 6to4 with one of the
, and you cannot specify a relay name for a 6to4 host.

o interfaces are present on the host. Client: The Teredo interface is present only when the host is not on a network that includes a domain

s policy setting, you can specify the refresh rate. If you choose a refresh rate longer than the port mapping in the Teredo client's NAT devic
g, the local host setting is used.
do will attempt qualification immediately and remain qualified if the qualification process succeeds.
IP-HTTPS interface is used when there are no other connectivity options. Policy Enabled State: The IP-HTTPS interface is always present, ev
bled and system will try to identify connectivity and throughput problems and take appropriate measures. If you disable this policy setting
s and routes.
able or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is th
e this policy setting, users cannot redirect Clipboard data. If you disable this policy setting, Remote Desktop Services always allows Clipboa
mote Desktop Services session, depending on the client configuration. If you do not configure this policy setting, Windows Vista displays w
ng, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy se
d Windows Server 2008. If you are using Windows Server 2012, you can configure this in the Collection properties sheet by using Server Ma
tion for remote desktop sessions can reduce connection performance, particularly over slow links, and increase the load on the remote com
affected. If the server is configured to use RD Connection Broker, users who have an existing session are redirected to the RD Session Host s

running RemoteApp program associated with a session, the RemoteApp session will remain in a disconnected state until the time limit tha
running RemoteApp program associated with a session, the RemoteApp session will remain in a disconnected state until the time limit tha
g for remote connections can improve connection performance, particularly over slow links. By default, font smoothing is allowed for rem
ou disable or do not configure this policy setting, Remote Desktop IP Virtualization is turned off. A network adapter must be configured for
is used if a virtual IP is not available.

time. If you disable or do not configure this policy setting, Windows Installer RDS Compatibility is turned on, and multiple per user applic
(do not enter any blank lines between programs). For example: explorer.exe mstsc.exe If you disable or do not configure this policy settin
is setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection
you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
ble this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption
in the Remote Desktop Connection client. If you enable this policy setting, users cannot automatically log on to Remote Desktop Services
methods are available: * Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport La
he RD Session Host server. To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connec
u need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when
teway server settings" option on the client. To allow users to overwrite this policy setting, select the "Allow users to change this setting" ch
olicy setting. You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setti
" option on the client. Note: It is highly recommended that you also specify the authentication method by using the "Set RD Gateway auth
nection is lost. If the status is set to Disabled, automatic reconnection of clients is prohibited. If the status is set to Not Configured, autom
maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support av
esktop Services session. You can specify a number from 1 to 16. If you disable or do not configure this policy setting, the number of monito
Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections. If you do
will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session. If you disable or do
Connection options for more information). Servers running Windows Server 2003 do not display wallpaper by default to Remote Desktop S
tting, logging off the connected administrator is not allowed. If you disable or do not configure this policy setting, logging off the connected
ssion Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host
very process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: 1.
yed that notes the number of days until the licensing grace period for the RD Session Host server will expire. If you enable this policy settin
e requires that each device connecting to this RD Session Host server have an RDS Per Device CAL. If you enable this policy setting, the Rem
s performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of
log box. If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog
pen the Windows Security dialog box on the client computer. If the status is set to Disabled or Not Configured, Windows Security remains
app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. If you disable
n, with the user's consent. 3. Full Control without user's permission: Allows the administrator to interact with the session, without the user
n, with the user's consent. 3. Full Control without user's permission: Allows the administrator to interact with the session, without the user
licy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you do not config
onnection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Window
onnection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Window
y descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. If you disable
ou enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any
\Sharename, and then select the drive letter to which you want the network share to be mapped. If you choose to keep the home director
e configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path a
the RD Session Host server use the same user profile. If you disable or do not configure this policy setting, mandatory user profiles are not
you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roamin
u enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS
try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a
cal computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remo
uires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as dete
ophone. By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio re
e this policy setting, users cannot redirect Clipboard data. If you disable this policy setting, Remote Desktop Services always allows Clipboa
you enable this policy setting, users cannot redirect server data to the local COM port. If you disable this policy setting, Remote Desktop S
printer is the printer specified on the remote computer. If you disable this policy setting, the RD Session Host server automatically maps the
ion Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client
ion Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client
u enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection
ices session cannot redirect server data to the local LPT port. If you disable this policy setting, LPT port redirection is always allowed. If yo
ices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supp
rint jobs from the remote computer to a local client printer in Remote Desktop Services sessions. If you disable this policy setting, users ca
e default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. Y
art card devices on connection. Note: The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft W
o not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as
and does not allow unsecured communication with untrusted clients. If the status is set to Disabled, Remote Desktop Services always reque
bled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on t
Domain Services. If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the
ries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where
tting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a hig
imits. Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remot
imits. Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remot
sconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected se
sconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected se
er receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the ses
er receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the ses
es before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a con
es before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a con
mporary folders are retained when the user logs off from a session. If you disable this policy setting, temporary folders are deleted when a
created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid. If you enable this poli
confirm whether they want to connect. If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown
confirm whether they want to connect. If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown
ult .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). If y
ng default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp fil
ages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. If you disable or d
ages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. If you disable or d
the client computer, the user will not be prompted to provide credentials. Note: If you enable this policy setting in releases of Windows Se
ost server. Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server ca
his mode consumes the lowest amount of network bandwidth of the quality modes. If you enable this policy setting and set quality to Me
network condition 2. Optimize for server scalability 3. Optimize for minimum bandwidth usage If you disable or do not configure this polic
but uses more network bandwidth. If you select the algorithm that is optimized to use less network bandwidth, this option uses less netwo
advanced graphics. If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these a
ing when available, be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set on the Hyp

ere are additional issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware ac
ng, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich mul
mputer. If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection b
rtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. When deployed on an RD Ses
can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed).
ndows Server 2008 R2 SP1 RemoteFX Codec for encoding. This mode is compatible with thin client devices that only support the Windows
gured in the form of http://contoso.com/rdweb/Feed/webfeed.aspx. If you enable this policy setting, the specified URL is configured as th
ll assume that all traffic to this server originates from a low-speed connection. If you disable Continuous Network Detect, Remote Desktop
ost of the RDP traffic will use UDP. If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP.

the default adapter. If you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the M

network folders.

by using gestures, the touch pointer, and other-touch specific features. If you do not configure this setting, touch input is on by default. N
by using gestures, the touch pointer, and other-touch specific features. If you do not configure this setting, touch input is on by default. N
onfigure this setting, Touch Panning is on by default. Note: Changes to this setting will not take effect until the user logs off.
onfigure this setting, Touch Panning is on by default. Note: Changes to this setting will not take effect until the user logs off.
hoose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the T
PM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "C
w the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List"
g "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Window
prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring author
helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send comma
n. This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users ca
e effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a syste
he findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are in
trators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or unti

seconds is used.
seconds is used.

the event log. If you disable or do not configure this policy setting, no event is written to the event log to report settings package size.
the event log. If you disable or do not configure this policy setting, no event is written to the event log to report settings package size.
e the last check are registered by the UE-V Agent. The UE-V Agent deregisters templates that were removed from this location. If you spec
ttings which are common between the versions of Internet Explorer continue to synchronize. If you disable this policy setting, the user setti
ttings which are common between the versions of Internet Explorer continue to synchronize. If you disable this policy setting, the user setti
etting, Internet Explorer 8 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defin
etting, Internet Explorer 8 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defin
etting, Internet Explorer 9 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defin
etting, Internet Explorer 9 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defin
cy setting, Internet Explorer 10 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
cy setting, Internet Explorer 10 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
cy setting, Internet Explorer 11 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
cy setting, Internet Explorer 11 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
cluded from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted.
cluded from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted.
from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted.
from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted.
ed from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted.
ed from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted.
hronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2
hronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2
is policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setti
is policy setting, Microsoft Access 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setti
y setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
y setting, Microsoft Excel 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
etting, Microsoft Lync 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any de
etting, Microsoft Lync 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any de
er user settings continue to synchronize. If you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded fr
er user settings continue to synchronize. If you disable this policy setting, Microsoft Office 2016 Upload Center user settings are excluded fr
ize. If you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings. If you do no
ize. If you disable this policy setting, OneDrive for Business 2016 user settings are excluded from the synchronization settings. If you do no
disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings. If you do not configure th
disable this policy setting, Microsoft OneNote 2016 user settings are excluded from the synchronization settings. If you do not configure th
ble this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings. If you do not configure this pol
ble this policy setting, Microsoft Outlook 2016 user settings are excluded from the synchronization settings. If you do not configure this pol
e. If you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings. If you do not
e. If you disable this policy setting, Microsoft PowerPoint 2016 user settings are excluded from the synchronization settings. If you do not
his policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings. If you do not configure this policy se
his policy setting, Microsoft Project 2016 user settings are excluded from the synchronization settings. If you do not configure this policy se
disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings. If you do not configure t
disable this policy setting, Microsoft Publisher 2016 user settings are excluded from the synchronization settings. If you do not configure t
setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any d
setting, Microsoft Visio 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any d
icy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setting, a
icy setting, Microsoft Word 2016 user settings are excluded from the synchronization settings. If you do not configure this policy setting, a
e this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be back
e this policy setting, certain user settings which are common between the Microsoft Office Suite 2016 applications will continue to be back
this policy setting, certain user settings of Microsoft Access 2016 will not be backed up. If you do not configure this policy setting, any defi
this policy setting, certain user settings of Microsoft Access 2016 will not be backed up. If you do not configure this policy setting, any defi
licy setting, certain user settings of Microsoft Excel 2016 will not be backed up. If you do not configure this policy setting, any defined valu
licy setting, certain user settings of Microsoft Excel 2016 will not be backed up. If you do not configure this policy setting, any defined valu
y setting, certain user settings of Microsoft Lync 2016 will not be backed up. If you do not configure this policy setting, any defined values w
y setting, certain user settings of Microsoft Lync 2016 will not be backed up. If you do not configure this policy setting, any defined values w
u disable this policy setting, certain user settings of Microsoft OneNote 2016 will not be backed up. If you do not configure this policy setti
u disable this policy setting, certain user settings of Microsoft OneNote 2016 will not be backed up. If you do not configure this policy setti
sable this policy setting, certain user settings of Microsoft Outlook 2016 will not be backed up. If you do not configure this policy setting, a
sable this policy setting, certain user settings of Microsoft Outlook 2016 will not be backed up. If you do not configure this policy setting, a
d up. If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 will not be backed up. If you do not configure thi
d up. If you disable this policy setting, certain user settings of Microsoft PowerPoint 2016 will not be backed up. If you do not configure thi
e this policy setting, certain user settings of Microsoft Project 2016 will not be backed up. If you do not configure this policy setting, any de
e this policy setting, certain user settings of Microsoft Project 2016 will not be backed up. If you do not configure this policy setting, any de
ou disable this policy setting, certain user settings of Microsoft Publisher 2016 will not be backed up. If you do not configure this policy setti
ou disable this policy setting, certain user settings of Microsoft Publisher 2016 will not be backed up. If you do not configure this policy setti
cy setting, certain user settings of Microsoft Visio 2016 will not be backed up. If you do not configure this policy setting, any defined value
cy setting, certain user settings of Microsoft Visio 2016 will not be backed up. If you do not configure this policy setting, any defined value
policy setting, certain user settings of Microsoft Word 2016 will not be backed up. If you do not configure this policy setting, any defined va
policy setting, certain user settings of Microsoft Word 2016 will not be backed up. If you do not configure this policy setting, any defined va
user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft
user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft
vent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V. If you enable this policy se
vent the user settings of Microsoft Office 365 Access 2016 from synchronization between computers with UE-V. If you enable this policy se
t the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V. If you enable this policy setting,
t the user settings of Microsoft Office 365 Excel 2016 from synchronization between computers with UE-V. If you enable this policy setting,
the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V. If you enable this policy setting, M
the user settings of Microsoft Office 365 Lync 2016 from synchronization between computers with UE-V. If you enable this policy setting, M
prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V. If you enable this p
prevent the user settings of Microsoft Office 365 OneNote 2016 from synchronization between computers with UE-V. If you enable this p
revent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V. If you enable this polic
revent the user settings of Microsoft Office 365 Outlook 2016 from synchronization between computers with UE-V. If you enable this polic
ng to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V. If you enable
ng to prevent the user settings of Microsoft Office 365 PowerPoint 2016 from synchronization between computers with UE-V. If you enable
vent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V. If you enable this policy s
vent the user settings of Microsoft Office 365 Project 2016 from synchronization between computers with UE-V. If you enable this policy s
o prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V. If you enable this p
o prevent the user settings of Microsoft Office 365 Publisher 2016 from synchronization between computers with UE-V. If you enable this p
the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V. If you enable this policy setting,
the user settings of Microsoft Office 365 Visio 2016 from synchronization between computers with UE-V. If you enable this policy setting,
nt the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V. If you enable this policy settin
nt the user settings of Microsoft Office 365 Word 2016 from synchronization between computers with UE-V. If you enable this policy settin
hronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2
hronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2
is policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setti
is policy setting, Microsoft Access 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setti
y setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
y setting, Microsoft Excel 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
able this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings. If you do not configure this p
able this policy setting, Microsoft InfoPath 2013 user settings are excluded from the synchronization settings. If you do not configure this p
etting, Microsoft Lync 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any de
etting, Microsoft Lync 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any de
er user settings continue to synchronize. If you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded fr
er user settings continue to synchronize. If you disable this policy setting, Microsoft Office 2013 Upload Center user settings are excluded fr
ize. If you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings. If you do no
ize. If you disable this policy setting, OneDrive for Business 2013 user settings are excluded from the synchronization settings. If you do no
disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings. If you do not configure th
disable this policy setting, Microsoft OneNote 2013 user settings are excluded from the synchronization settings. If you do not configure th
ble this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings. If you do not configure this pol
ble this policy setting, Microsoft Outlook 2013 user settings are excluded from the synchronization settings. If you do not configure this pol
e. If you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings. If you do not
e. If you disable this policy setting, Microsoft PowerPoint 2013 user settings are excluded from the synchronization settings. If you do not
his policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings. If you do not configure this policy se
his policy setting, Microsoft Project 2013 user settings are excluded from the synchronization settings. If you do not configure this policy se
disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings. If you do not configure t
disable this policy setting, Microsoft Publisher 2013 user settings are excluded from the synchronization settings. If you do not configure t
user settings continue to synchronize. If you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from
user settings continue to synchronize. If you disable this policy setting, Microsoft SharePoint Designer 2013 user settings are excluded from
setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any d
setting, Microsoft Visio 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any d
icy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setting, a
icy setting, Microsoft Word 2013 user settings are excluded from the synchronization settings. If you do not configure this policy setting, a
e this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be back
e this policy setting, certain user settings which are common between the Microsoft Office Suite 2013 applications will continue to be back
this policy setting, certain user settings of Microsoft Access 2013 will not be backed up. If you do not configure this policy setting, any defi
this policy setting, certain user settings of Microsoft Access 2013 will not be backed up. If you do not configure this policy setting, any defi
licy setting, certain user settings of Microsoft Excel 2013 will not be backed up. If you do not configure this policy setting, any defined valu
licy setting, certain user settings of Microsoft Excel 2013 will not be backed up. If you do not configure this policy setting, any defined valu
disable this policy setting, certain user settings of Microsoft InfoPath 2013 will not be backed up. If you do not configure this policy setting,
disable this policy setting, certain user settings of Microsoft InfoPath 2013 will not be backed up. If you do not configure this policy setting,
y setting, certain user settings of Microsoft Lync 2013 will not be backed up. If you do not configure this policy setting, any defined values w
y setting, certain user settings of Microsoft Lync 2013 will not be backed up. If you do not configure this policy setting, any defined values w
u disable this policy setting, certain user settings of Microsoft OneNote 2013 will not be backed up. If you do not configure this policy setti
u disable this policy setting, certain user settings of Microsoft OneNote 2013 will not be backed up. If you do not configure this policy setti
sable this policy setting, certain user settings of Microsoft Outlook 2013 will not be backed up. If you do not configure this policy setting, a
sable this policy setting, certain user settings of Microsoft Outlook 2013 will not be backed up. If you do not configure this policy setting, a
d up. If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 will not be backed up. If you do not configure thi
d up. If you disable this policy setting, certain user settings of Microsoft PowerPoint 2013 will not be backed up. If you do not configure thi
e this policy setting, certain user settings of Microsoft Project 2013 will not be backed up. If you do not configure this policy setting, any de
e this policy setting, certain user settings of Microsoft Project 2013 will not be backed up. If you do not configure this policy setting, any de
ou disable this policy setting, certain user settings of Microsoft Publisher 2013 will not be backed up. If you do not configure this policy setti
ou disable this policy setting, certain user settings of Microsoft Publisher 2013 will not be backed up. If you do not configure this policy setti
ner 2013 will continue to be backed up. If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will n
ner 2013 will continue to be backed up. If you disable this policy setting, certain user settings of Microsoft SharePoint Designer 2013 will n
cy setting, certain user settings of Microsoft Visio 2013 will not be backed up. If you do not configure this policy setting, any defined value
cy setting, certain user settings of Microsoft Visio 2013 will not be backed up. If you do not configure this policy setting, any defined value
policy setting, certain user settings of Microsoft Word 2013 will not be backed up. If you do not configure this policy setting, any defined va
policy setting, certain user settings of Microsoft Word 2013 will not be backed up. If you do not configure this policy setting, any defined va
user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft
user’s work computers with UE-V by default. Use this policy setting to prevent the user settings which are common between the Microsoft
vent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V. If you enable this policy se
vent the user settings of Microsoft Office 365 Access 2013 from synchronization between computers with UE-V. If you enable this policy se
t the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V. If you enable this policy setting,
t the user settings of Microsoft Office 365 Excel 2013 from synchronization between computers with UE-V. If you enable this policy setting,
prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V. If you enable this poli
prevent the user settings of Microsoft Office 365 InfoPath 2013 from synchronization between computers with UE-V. If you enable this poli
the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V. If you enable this policy setting, M
the user settings of Microsoft Office 365 Lync 2013 from synchronization between computers with UE-V. If you enable this policy setting, M
prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V. If you enable this p
prevent the user settings of Microsoft Office 365 OneNote 2013 from synchronization between computers with UE-V. If you enable this p
revent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V. If you enable this polic
revent the user settings of Microsoft Office 365 Outlook 2013 from synchronization between computers with UE-V. If you enable this polic
ng to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V. If you enable
ng to prevent the user settings of Microsoft Office 365 PowerPoint 2013 from synchronization between computers with UE-V. If you enable
vent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V. If you enable this policy s
vent the user settings of Microsoft Office 365 Project 2013 from synchronization between computers with UE-V. If you enable this policy s
o prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V. If you enable this p
o prevent the user settings of Microsoft Office 365 Publisher 2013 from synchronization between computers with UE-V. If you enable this p
se this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between compute
se this policy setting to prevent the user settings of Microsoft Office 365 SharePoint Designer 2013 from synchronization between compute
the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V. If you enable this policy setting,
the user settings of Microsoft Office 365 Visio 2013 from synchronization between computers with UE-V. If you enable this policy setting,
nt the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V. If you enable this policy settin
nt the user settings of Microsoft Office 365 Word 2013 from synchronization between computers with UE-V. If you enable this policy settin
hronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2
hronization between computers. If you enable this policy setting, the user settings which are common between the Microsoft Office Suite 2
is policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setti
is policy setting, Microsoft Access 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setti
y setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
y setting, Microsoft Excel 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any
able this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings. If you do not configure this p
able this policy setting, Microsoft InfoPath 2010 user settings are excluded from the synchronization settings. If you do not configure this p
disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings. If you do not configure th
disable this policy setting, Microsoft OneNote 2010 user settings are excluded from the synchronization settings. If you do not configure th
etting, Microsoft Lync 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any de
etting, Microsoft Lync 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any de
ble this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings. If you do not configure this pol
ble this policy setting, Microsoft Outlook 2010 user settings are excluded from the synchronization settings. If you do not configure this pol
e. If you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings. If you do not
e. If you disable this policy setting, Microsoft PowerPoint 2010 user settings are excluded from the synchronization settings. If you do not
his policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings. If you do not configure this policy se
his policy setting, Microsoft Project 2010 user settings are excluded from the synchronization settings. If you do not configure this policy se
disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings. If you do not configure t
disable this policy setting, Microsoft Publisher 2010 user settings are excluded from the synchronization settings. If you do not configure t
ce 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are exc
ce 2010 user settings continue to synchronize. If you disable this policy setting, Microsoft SharePoint Workspace 2010 user settings are exc
user settings continue to synchronize. If you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from
user settings continue to synchronize. If you disable this policy setting, Microsoft SharePoint Designer 2010 user settings are excluded from
icy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, a
icy setting, Microsoft Word 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, a
setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any d
setting, Microsoft Visio 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any d
ation. If you do not configure this policy setting, any defined values will be deleted.
ation. If you do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
If you do not configure this policy setting, any defined values will be deleted.
If you do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
onization. If you do not configure this policy setting, any defined values will be deleted.
onization. If you do not configure this policy setting, any defined values will be deleted.
zation. If you do not configure this policy setting, any defined values will be deleted.
zation. If you do not configure this policy setting, any defined values will be deleted.
n. If you do not configure this policy setting, any defined values will be deleted.
n. If you do not configure this policy setting, any defined values will be deleted.
ettings. If you do not configure this policy setting, any defined values will be deleted.
ettings. If you do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ble synchronization of users' sign-in information for certain apps, networks, and certificates. If you enable this policy setting, only the selec
ble synchronization of users' sign-in information for certain apps, networks, and certificates. If you enable this policy setting, only the selec
nd are always connected to the settings storage location. When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settin
nd are always connected to the settings storage location. When SyncMethod is set to “None,” the UE-V Agent uses no sync provider. Settin
eir VDI session. Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environ
eir VDI session. Enable this setting to register a VDI-specific settings location template and restore data on computers in pooled VDI environ
e settings for Windows apps. If you do not configure this policy setting, any defined values are deleted. Note: If the user connects their Mi
e settings for Windows apps. If you do not configure this policy setting, any defined values are deleted. Note: If the user connects their Mi
he UE-V tray icon is visible, the UE-V notifications display, and the Company Settings Center is accessible from the tray icon. With this setti
nt runs. With this setting disabled, no notification appears. If you do not configure this policy setting, any defined values are deleted.
nized. With this setting disabled, only the settings of the Windows apps set to synchronize in the Windows App List are synchronized. If you
ttings storage location before synchronizing settings packages. If you disable this policy setting, the sync provider doesn’t ping the settings s
ttings storage location before synchronizing settings packages. If you disable this policy setting, the sync provider doesn’t ping the settings s
n. If you do not configure this policy setting, any defined values are deleted.
n. If you do not configure this policy setting, any defined values are deleted.
onnection that is roaming. With this setting disabled, the UE-V Agent will not synchronize settings over a metered connection that is roam
onnection that is roaming. With this setting disabled, the UE-V Agent will not synchronize settings over a metered connection that is roam

values will be deleted.


erated profile are full control, or read and write access for the user, and no file access for the administrators group. By configuring this poli
ewly generated profile are full control access for the user and no file access for the administrators group. No checks are made for the corre
indows NT 4.0 definitions. %HOMESHARE% stores only the network share (such as \\server\share). %HOMEPATH% stores the remainder o
e when the user logs on again. The local copy is also used when the remote copy of the roaming user profile is slow to load. If you enable t
recognize any connections as being slow. As a result, the system does not respond to slow connections to user profiles, and it ignores the p
sta, a dialog box will be shown to the user during logon if a slow network connection is detected. The user then is able to choose to downl
data that should not be roamed then add only that application's specific folder under the AppData\Roaming folder rather than all of the Ap
was previously deleted on that client logs on, they will need to reinstall all apps published via policy at logon increasing logon time. You can
ne whether the registry files are included in the calculation of the profile size. -- Determine whether users are notified when the profile exc
changes they have made, is merged with the server copy of their profile. Using the setting, you can prevent users configured to use roamin
em cannot access users' server-based profiles when users log on or off. -- Users' local profiles are newer than their server-based profiles. I
licy setting, Windows will not log on a user with a temporary profile. Windows logs the user off if their profile cannot be loaded. If you dis
e registry (HKEY_CURRENT_USER) into a file (NTUSER.DAT) and updates it. However, if another program or service is reading or editing the
r, the local copy of their profile, including any changes, is merged with the server copy of the profile. Using this policy setting, you can pre
you enable this policy setting, the system waits for the remote copy of the roaming user profile to load, even when loading is slow. If you d
d related policy settings in this folder together define the system's response when roaming user profiles are slow to load. If you enable this
in the specified number of days. If you disable or do not configure this policy setting, User Profile Service will not automatically delete any
d only by Offline Files during user logon and logoff, and will be taken offline while the user is logged on. If you disable or do not configure t
ted version of their roaming user profile. If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, bu
t available on the computer (if the media is disconnected or the network adapter is not available). If you enable this policy setting, Windo
d, all users logging onto this computer will use the same roaming profile folder as specified by this policy. You need to ensure that you have
Run at set interval" is chosen, then an interval must be set, with a value of 1-720 hours. Once set, Windows uploads the profile's registry fi
desktop apps). In addition apps (not desktop apps) that have the enterprise authentication capability will also be able to retrieve the user's

uters, an administrator must use management software or a script to add primary computer attributes to the user's account in Active Direc
e path to a file share in the Path box (for example, \\ComputerName\ShareName), and then choose the drive letter to assign to the file sha
g, BitLocker recovery information is automatically and silently backed up to AD DS when BitLocker is turned on for a computer. This policy s
rmation. The user either can type a 48-digit numerical recovery password or insert a USB flash drive containing a 256-bit recovery key. If y
to save the recovery password in a folder. You can specify either a fully qualified path or include the target computer's environment variabl
ds available. This policy is only applicable to computers running Windows Server 2008, Windows Vista, Windows Server 2008 R2, or Window
ds available. This policy is only applicable to computers running Windows 8 and later. If you enable this policy setting you will be able to ch
operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XT
may improve restart performance but will increase the risk of exposing BitLocker secrets. If you disable or do not configure this policy setti
erated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or de
URL and want to revert to the default message, you must keep the policy enabled and select the "Use default recovery message and URL" o
support enhanced PINs in the pre-boot environment. It is strongly recommended that users perform a system check during BitLocker setu
meet complexity requirements" located in Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\
If you do not configure this policy setting, platform validation data will be refreshed when Windows is started following BitLocker recovery
l be permitted to change BitLocker PINs and passwords.
existing BitLocker-protected drives using the manage-bde command-line tool. An identification field is required for management of certific
in the certificate with the object identifier that is defined by this policy setting. Default object identifier is 1.3.6.1.4.1.311.67.1.1 Note: Bi
computer will verify the default Windows BCD settings. Note: When BitLocker is using Secure Boot for platform and Boot Configuration Da
y agent can be used it must be added from the Public Key Policies item in either the Group Policy Management Console or the Local Group
only the portion of the drive used to store data is encrypted when BitLocker is turned on. If you enable this policy setting the encryption ty
odule (TPM), two authentication methods can be used at startup to provide added protection for encrypted data. When the computer start
ocker on a computer without a TPM, select the "Allow BitLocker without a compatible TPM" check box. In this mode either a password or
create and use Network Key Protectors. To use a Network Key Protector to unlock the computer, both the computer and the BitLocker Dri
PM will validate before unlocking access to the BitLocker-encrypted operating system drive. If any of these components change while BitLo
mware with a Compatibility Service Module (CSM) enabled. Computers using a native UEFI firmware configuration store different values int
with BIOS or UEFI firmware with a Compatibility Service Module (CSM) enabled store different values into the Platform Configuration Regist
ot configure this policy setting, users can configure a startup PIN of any length between 6 and 20 digits. NOTE: If minimum PIN length is se
at control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support h
ernative means of pre-boot input (such as an attached USB keyboard). If this policy is not enabled, the Windows Recovery Environment mu
ntGo and HSTI compliant devices will have the choice to turn on BitLocker without pre-boot authentication. If this policy is not enabled, th
enable or do not configure this policy setting, BitLocker will use Secure Boot for platform integrity if the platform is capable of Secure Boot
he Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLocker Drive En
y requirements" located in Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ must be also en
r will be mounted with read and write access.
omputers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can be viewed.
ced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors available on th
only the portion of the drive used to store data is encrypted when BitLocker is turned on. If you enable this policy setting the encryption ty
ol whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support hardware
dded from the Public Key Policies item in either the Group Policy Management Console or the Local Group Policy Editor. Consult the BitLock
e "Allow users to suspend and decrypt BitLocker on removable data drives" to permit the user to remove BitLocker Drive encryption from t
r Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\ must be also enabled. Note: These settings are enfo
on" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a
ocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, and their content can
re enforced when turning on BitLocker, not when unlocking a drive. BitLocker will allow unlocking a drive with any of the protectors availab
only the portion of the drive used to store data is encrypted when BitLocker is turned on. If you enable this policy setting the encryption ty
control whether BitLocker software-based encryption is used instead of hardware-based encryption on computers that do not support har
values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809. FrequencyCorrectRate This parameter controls
. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, se
figure this policy setting, the local computer clock does not synchronize time with NTP servers.

atic connection attempts to non-domain networks are blocked. - When the computer is already connected to a non-domain based network
ast one active connection to a Windows domain, a new automatic connection to the same Windows domain is also blocked. Additional ma
roaming provider Mobile Broadband networks.
nected standby mode.
xceeds 128 megabytes in size. No reboots or service restarts are required for this policy setting to take effect: changes take effect immedia
on will be taken. If you select detection, troubleshooting and resolution, the DPS will attempt to automatically fix problems it detects or ind

ng "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN
ng "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN
olicy setting, additional choices are available to turn off the operations over a specific medium. If you disable this policy setting, operation

flicts, Group policy Settings will override preference settings. If you disable this setting, only items defined by Group Policy will be used in t
eats, but prompts users to choose from the actions available for each threat. If you disable or do not configure this policy setting, Window

odetect If you enable this setting, the proxy setting will be set to use the specified proxy .pac according to the order specified above. If you
If you enable this setting, the proxy will be set to the specified URL according to the order specified above. The URL should be proceeded
configure this setting, scheduled tasks will begin at a random time within an interval of 30 minutes before and after the specified start tim
are service will be stopped when both antivirus and antispyware definitions are disabled. If the computer is restarted, the service will be st

to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value is not used and
ote that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it

etired then that protocol is no longer parsed. Enabling this feature helps to improve performance. On a computer that is up-to-date with al
}”. The value is not used and it is recommended that this be set to 0.

dows Defender Antivirus will prompt users to take actions on malware detections.
s configuration is only honored for NTFS volumes. For any other file system type, full monitoring of file and program activity will be present

Never (default) If you enable this setting, a scheduled full scan to complete remediation will run at the frequency specified. If you disable
ediation will run at the time of day specified. If you disable or do not configure this setting, a scheduled full scan to complete remediation

ording to the default value.


setting, CPU utilization will not exceed the default value.
do not configure this setting, the scan will start using the existing definitions.

led scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there will be
eduled scans, a catch-up scan is started the next time someone logs on to the computer. If there is no scheduled scan configured, there wi
d. If you disable or do not configure this setting, e-mail scanning will be disabled.

till be scanned during quick scan and custom scan.


will be enabled. If you disable or do not configure this setting, reparse point scanning will be disabled.

of days specified. If you disable or do not configure this setting, items will be kept in the scan history folder for the default number of day
is setting, a quick scan will run at a default time.

tting, a scheduled scan will run at the frequency specified. If you disable or do not configure this setting, a scheduled scan will run at a defa
will run at the time of day specified. If you disable or do not configure this setting, a daily quick scan will run at a default time.
ill run at the time of day specified. If you disable or do not configure this setting, a scheduled scan will run at a default time.
he 2 consecutive missed scheduled scans.
ns will be considered out of date after the number of days specified have passed without an update. If you disable or do not configure this
be considered out of date after the number of days specified have passed without an update. If you disable or do not configure this setting
tes. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be co
eServer | MMPC } If you enable this setting, definition update sources will be contacted in the order specified. Once definition updates hav
load source.
his functionality to work. If you enable or do not configure this setting, real-time definition updates will be enabled. If you disable this setti
setting, the check for definition updates will occur at the frequency specified. If you disable or do not configure this setting, the check for
s occurring. If you enable this setting, the check for definition updates will occur at the time of day specified. If you disable or do not confi
ure, the antimalware service will receive notifications to disable definitions. If you disable this setting, the antimalware service will not rec

the default interval.

y settings to be set as follows: MAPS -> The “Join Microsoft MAPS” must be enabled or the “Block at First Sight” feature will not function.

puter. This information can include things like location of detected items on your computer if harmful software was removed. The informa

3 = Remove 6 = Ignore
High 5 = Severe Valid remediation action values are: 2 = Quarantine 3 = Remove 6 = Ignore

l text specified will be displayed. If you disable or do not configure this setting, there will be no additional text displayed.
ndows Defender Antivirus documentation site. Note: This feature requires the "Join Microsoft MAPS" setting enabled in order to function.
extended cloud check feature, and will raise the total time to 60 seconds. Note: This feature depends on three other MAPS settings - "Con
ons can connect to dangerous domains, however if this feature would have blocked access if it were set to Block, then a record of the even
dify or delete files in protected folders. However, each event will be recorded in the Windows event log. Not configured: Same as Disabled
on for this setting. Enter each rule on a new line as a name-value pair: - Name column: Enter a valid ASR rule ID - Value column: Enter the
only that specific file in that specific folder - Value column: Enter ""0"" for each item Disabled: No exclusions will be applied to the ASR rul
. Disabled: No additional applications will be added to the trusted list. Not configured: Same as Disabled. You can enable controlled fold
olders that should be protected in the Options section. Disabled: No additional folders will be protected. Not configured: Same as Disabl

fications from the Windows Defender Security Center. Not configured: Same as Disabled.
or Skype ID -Specify contact email number or email ID -Specify contact website Disabled: No contact information will be shown on notifi
number or Skype ID -Specify contact email number or email ID -Specify contact website Disabled: No contact information will be shown
e as Disabled.
dows Defender Security Center or any notifications it creates. Not configured: Same as Disabled.
in either the Windows Defender Security Center or any notifications it creates. Not configured: Same as Disabled.
ured: Same as Disabled.
standard Open dialog box. If you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog
Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect program
art Wordpad and, on the File menu, click Open. Note: In Windows Vista, this policy setting applies only to applications that are using the W
ell Folders that may be specified: Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searche
ew pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options. If you
roved by the administrator and are available to all users of the computer, there must be an entry at HKEY_LOCAL_MACHINE\Software\Micr
been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet
efault, the system displays shortcuts to the 10 most recently opened documents."
e can be read by everyone.
cy setting does not prevent users from using third-party applications to create or modify CDs using a CD writer.
be confusing or distracting to some users. If you disable or do not configure this policy setting, users are allowed to turn on or off these m

users from using other methods to configure DFS. If you disable or do not configure this policy setting, the DFS tab is available.
y setting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a direc
g or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other

search options command, and they will not be able to open Folder Options. If you disable or do not configure this policy setting, users can
t button to resolve problems with the device.
features of these tools. This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrati
ments folder is not displayed in the Web view or in My Computer. If you disable or do not configure this policy setting, the Shared Docume
t users from connecting to another computer by typing the name of a shared folder in the Run dialog box. Note: This setting was docume
ed in the Recyele Bin.
istrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credenti
users will be able to access the security tab.
of Internet browser windows, such as the Internet Explorer window. If you disable or do not configure this policy setting, the Search button

a drive or combination of drives from the drop-down list. To allow access to all drive directories, disable this setting or select the "Do not re
gure this setting, the Windows Key hotkeys are available.
able or do not configure this policy setting, computers in the user's workgroup and domain appear in lists of network resources in File Expl
ram as Other User" dialog box prompts the current user for the user name and password of an administrator. This setting allows administra

It is recommended to leave this protocol in the protected mode to increase the security of Windows. If you enable this policy setting the p
It is recommended to leave this protocol in the protected mode to increase the security of Windows. If you enable this policy setting the p
" link when the user performs a search in the Explorer window.
the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.as
sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pi
point to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted. If you disable or do n
nonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or S

other than "Date Modified" and "Size" * Disable view of file content snippets in Content mode when search results are returned * Disable
d it will not store Search Box entries into the registry for future references. If the user types a property, values that match this property wil

onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
onnectors. If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
or example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as searc
ed according to the path defined. If you disable or do not configure this policy setting, no changes are made to the location of the default L
ed according to the path defined. If you disable or do not configure this policy setting, no changes are made to the location of the default L
ot appear to be suspicious. Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. If you en

h the Power Options Control Panel.


te to show through the Power Options Control Panel.

omain-joined, the file will be processed and default associations will be applied at logon time. If the group policy is not configured, disable
mputers to security risks.

enter the maximum amount of disk space to be used (in MB). To indicate that the cache size is unlimited, select "4294967295" as the maxi
only during setup. -- "Scan during startup" also scans files each time you start Windows XP. This setting delays each startup. If you disabl
block those messages. If you disable or do not configure this policy setting, Windows Defender Firewall makes no exception for messages
his list and set its status to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Defender Fir
trators to define a local program exceptions list. If you disable this policy setting, the Windows Defender Firewall component in Control Pa
ows Defender Firewall does not run and administrators who log on locally cannot start it. If you do not configure this policy setting, admini
Windows Defender Firewall: Protect all network connections" policy setting; otherwise, administrators who log on locally can work around
ws Defender Firewall component of Control Panel, the "File and Printer Sharing" check box is selected and administrators cannot clear it. I
ters, but it does not block outbound echo request messages sent by Ping running on this computer. If you enable this policy setting, you m
that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Defender Firewall does no
fender Firewall component of Control Panel, the "Notify me when Windows Defender Firewall blocks a new program" check box is selected
eptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Sho
fine a local port exceptions list. If you disable this policy setting, the Windows Defender Firewall component in Control Panel does not allow
s XP Professional with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows SVCHOST.EXE and LSASS.EXE t
of Control Panel, the "Remote Desktop" check box is selected and administrators cannot clear it. If you disable this policy setting, Windows
message to other computers, Windows Defender Firewall waits as long as three seconds for unicast responses from the other computers an
which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the "UPnP framework" check
his list and set its status to Enabled, that program can receive unsolicited incoming messages on any port that it asks Windows Defender Fir
trators to define a local program exceptions list. If you disable this policy setting, the Windows Defender Firewall component in Control Pa
ows Defender Firewall does not run and administrators who log on locally cannot start it. If you do not configure this policy setting, admini
Windows Defender Firewall: Protect all network connections" policy setting; otherwise, administrators who log on locally can work around
ws Defender Firewall component of Control Panel, the "File and Printer Sharing" check box is selected and administrators cannot clear it. I
ters, but it does not block outbound echo request messages sent by Ping running on this computer. If you enable this policy setting, you m
that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Defender Firewall does no
fender Firewall component of Control Panel, the "Notify me when Windows Defender Firewall blocks a new program" check box is selected
eptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Sho
fine a local port exceptions list. If you disable this policy setting, the Windows Defender Firewall component in Control Panel does not allow
s XP Professional with at least SP2 and Windows Server 2003 with at least SP1, this policy setting also allows SVCHOST.EXE and LSASS.EXE t
of Control Panel, the "Remote Desktop" check box is selected and administrators cannot clear it. If you disable this policy setting, Windows
message to other computers, Windows Defender Firewall waits as long as three seconds for unicast responses from the other computers an
which these incoming messages are allowed. In the Windows Defender Firewall component of Control Panel, the "UPnP framework" check

ent licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that th
first started. Some of the options can be configured by using other Windows Media Player group policies. If you disable or do not configur
g, users can show or hide the anchor window when the Player is in skin mode by using the Player tab in the Player. If you do not configure
essary, and the Use Video Smoothing check box is selected and is not available. If you do not configure this policy setting, video smoothing
log box and on the Privacy tab in the Player are not selected and are not available. If you disable or do not configure this policy setting, us
If you disable or do not configure this policy setting, anyone using Windows Media Player can turn media sharing on or off.
m the Internet check box in the first use dialog box and on the Privacy and Media Library tabs in the Player are not selected and are not avai

not configure this policy setting, the Player automatically retrieves radio station presets from the Internet.

a screen saver does not interrupt playback even if users have selected a screen saver. The Allow screen saver during playback check box is
automatically check box is not available. If you do not configure this policy setting, users can change the setting for the Download codecs a
r is in skin mode by using the Player tab in the Player. When this policy is not configured and the Set and Lock Skin policy is enabled, some
y settings are used for the options on the Privacy tab unless the user changed the settings previously. If you disable or do not configure thi
ot configure this policy setting, users can configure the security settings on the Security tab.
user's computer. If the skin is not installed on a user's computer, or if the Skin box is blank, the Player opens by using the Corporate skin. Th
must be specified because no default settings are used for the proxy. The options are ignored if Autodetect or Browser is selected. The Con
options are ignored if Autodetect is selected. The Configure button on the Network tab in the Player is not available and the protocol cann
options are ignored if Autodetect is selected. The Configure button on the Network tab in the Player is not available and the protocol canno

seconds that is specified is ignored. The "Use default buffering" and "Buffer" options on the Performance tab in the Player are not available
x is selected, a user can specify UDP ports in the Use ports check box. If the user does not specify UDP ports, the Player uses default ports w
uses Windows Messenger from that point on, Windows Messenger will be loaded. The user can also configure this behavior on the Prefere
uses Windows Messenger from that point on, Windows Messenger will be loaded. The user can also configure this behavior on the Prefere
r Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.
r Configuration. If both are present, the Computer Configuration version of this policy setting takes precedence.
c authentication.

ure this policy setting, the WinRM client uses the Kerberos authentication directly.

are used to authenticate the identity of the host. If you disable or do not configure this policy setting and the WinRM client needs to use th
network, configure the Windows Firewall policy setting with exceptions for Port 5985 (default port for HTTP). If you disable or do not confi
85. A listener might be automatically created on port 80 to ensure backward compatibility.
o 5986. A listener might be automatically created on port 443 to ensure backward compatibility.

ssword configuration value will be erased from the credential store on this computer. If you disable or do not configure this policy setting,

onfigure the hardening level locally on each computer. If HardeningLevel is set to Strict, any request not containing a valid channel binding

nating the open shell. If you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used.

minated when a new allocation exceeds the specified quota. If you disable or do not configure this policy setting, the value 150 is used by

wo remote shells per user.

an change using Settings in the Windows Store.


dows Store.

you enable this setting, it prohibits Windows from searching for updates. If you disable or do not configure it, Windows searches for upda
nfigure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are
nfigure this policy setting, the 'Install Updates and Shut Down' option will be available in the Shut Down Windows dialog box if updates are
u want the computer to do?' list. If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be th
u want the computer to do?' list. If you disable or do not configure this policy setting, the 'Install Updates and Shut Down' option will be th
tified about nor will you receive critical updates from Windows Update. This setting also prevents Device Manager from automatically instal
installing any updates. When Windows finds updates that apply to this computer, users will be notified that updates are ready to be down
name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated works
2 hours. Note: The "Specify intranet Microsoft update service location" setting must be enabled for this policy to have effect. Note: If the
ptional, recommended, and important content for which they received a notification. Users will not see a User Account Control window an
is disabled, this policy has no effect.
gured to do so.
ce. If you enable this policy setting, a notification message will appear on the user's computer when featured software is available. The us
es to be applied, then Windows Update will use the Windows Power management features to automatically wake the system up to install
o restart the computer. Be aware that the computer needs to be restarted for the updates to take effect. If the status is set to Disabled or N
dows Update will not alter its restart behavior. If the "No auto-restart with logged on users for scheduled automatic updates installations"
to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect. This policy
stallations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect.
xt scheduled installation. If the status is set to Not Configured, a missed scheduled installation will occur one minute after the computer is
pecify multiple group names separated by semicolons. Otherwise, a single group must be specified. If the status is set to Disabled or Not C
e store of the local computer. If you disable or do not configure this policy setting, updates from an intranet Microsoft update service locati
re to stop working. Note: This policy applies only when this PC is configured to connect to an intranet update service using the "Specify int
iew and you want to gracefully opt out the device for flighting. This option will provide preview builds until devices reaches the next public
el receive new builds of Windows before they are available to the general public, but at a slower cadence than those set to Fast, and with
le or do not configure this policy, Windows Update will not alter its behavior. Note: If the "Allow Telemetry" policy is set to 0, this policy w

no effect: 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatically restart at schedu
his policy, the PC will restart according to the default schedule. If any of the following two policies are enabled, this policy has no effect: 1

rior to a scheduled restart to notify the user that the auto restart is imminent to allow them time to save their work. If you disable or do n
u can specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline ca

e named pipe remote shutdown interface.

unsuccessful logon attempted with that user name, and the number of unsuccessful logons since the last successful logon by that user. This
hours expire, if actions have been set to occur when the logon hours expire. Note: If you configure this setting, you might want to examine
gon hours. If you choose to log off a user, the user might lose unsaved data. If you enable this setting, the system will perform the action y
ns can simulate the SAS. If you set this policy setting to "Services and Ease of Access applications," both services and Ease of Access applic

ame of the interface program, including the file name extension, in the Shell name text box. If the interface program file is not located in a
omatically signed-in and the session is automatically locked with all the lock screen apps configured for that user. If you disable this policy
work traffic.
will not be automatically terminated during shutdown. If you disable or do not configure this setting, these applications will be automatic

onstraints. - Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable:

nect to networks shared by my contacts" enables Windows to automatically connect to networks that the user's contacts have shared with

ork Folders will use the settings specified in the "Specify Work Folders settings" policy setting in User Configuration\Administrative Templat
rs discovery, or the specific URL of the file server that stores the affected users' data. The "Work Folders Local Path" specifies the local fold

configure this policy setting, toast notifications are enabled and can be turned off by the administrator or user. No reboots or service resta

eatures will not be able receive notifications from the network from WNS or via notification polling APIs. If you enable this policy setting, n
e able to change this or any other Quiet Hours settings. If you do not configure this policy setting, Quiet Hours are enabled by default but
icy setting, a default value will be used, which administrators and users will be able to modify.
y setting, a default value will be used, which administrators and users will be able to modify.
er Quiet Hours settings. If you do not configure this policy setting, voice and video calls will be allowed during Quiet Hours by default. Adm

se of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is cos
e of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. - Variable: This connection is cost
ar access control page is showed by default.
nization can decide whether Windows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. If you
tion. Note: Wild card characters cannot be used when specifying the host URLs.
t passes all validation criteria. If you are aware that a trusted site has a certificate error but you want to trust it anyway you can select the c
y, use Software Installation. If you disable this setting or do not configure it, all programs (Category: All) are displayed when the "Add New
tting is ignored. Also, if the "Prevent removable media source for any install" setting (located in User Configuration\Administrative Templates

e available, to recommend their use, or to enable users to install them without having to search for installation files. If you enable this setti

available to all users. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent user
This setting does not prevent users from using other tools and methods to change program access or defaults. This setting does not prev

does not prevent users from using other methods to configure services. Note: When "Set up services" does not appear, clicking the Add/R
formation on the Internet, such as the Microsoft Product Support Services Web page. If you disable this setting or do not configure it, the
ent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks u
ase use 'Manage preview builds' under 'Windows Update for Business' for newer Windows 10 versions.
MS-DOS subsystem is running, any subsequent 16-bit applications launch faster, but overall resource usage on the system is increased. If t
lication using this interface.
nsure that telemetry collection has stopped for all applications, please reboot your machine.
are of compatibility of the applications they are using. If you disable or do not configure this policy setting, the Switchback will be turned o
any popular legacy applications, and will not block known incompatible applications from installing. (For Instance: This may result in a blue

patibility issues when running applications. Turning off the PCA can be useful for system administrators who require better performance an
ou disable or do not configure this policy setting, Steps Recorder will be enabled.
he Inventory Collector will be turned on. Note: This policy setting has no effect if the Customer Experience Improvement Program is turne

Application Guard. If you enable this functionality, a potentially compromised Application Guard session will have access to the host device
e the resulting file on the host. If you disable or don't configure this setting, all print functionality is turned off in Application Guard.

ee data, regardless of configuration, and can result in data loss for the employee. If you disable or don't configure this setting, Application

vacy on the device. If you choose the "Force Allow" option, Windows apps are allowed to access account information and employees in yo
ice. If you choose the "Force Allow" option, Windows apps are allowed to access the calendar and employees in your organization cannot
If you choose the "Force Allow" option, Windows apps are allowed to access the call history and employees in your organization cannot ch
e. If you choose the "Force Allow" option, Windows apps are allowed to access the camera and employees in your organization cannot cha
ou choose the "Force Allow" option, Windows apps are allowed to access contacts and employees in your organization cannot change it. If
oose the "Force Allow" option, Windows apps are allowed to access email and employees in your organization cannot change it. If you cho
u choose the "Force Allow" option, Windows apps are allowed to access location and employees in your organization cannot change it. If y
s > Privacy on the device. If you choose the "Force Allow" option, Windows apps can read or send messages and employees in your organiz
the device. If you choose the "Force Allow" option, Windows apps are allowed to access the microphone and employees in your organizati
ce. If you choose the "Force Allow" option, Windows apps are allowed to access motion data and employees in your organization cannot c
ice. If you choose the "Force Allow" option, Windows apps are allowed to access notifications and employees in your organization cannot
If you choose the "Force Allow" option, Windows apps are allowed to make phone calls and employees in your organization cannot change
on the device. If you choose the "Force Allow" option, Windows apps will have access to control radios and employees in your organization
eless devices by using Settings > Privacy on the device. If you choose the "Force Allow" option, Windows apps are allowed to communicate
ose the "Force Allow" option, Windows apps are allowed to access tasks and employees in your organization cannot change it. If you choos
e device. If you choose the "Force Allow" option, Windows apps are allowed to access trusted devices and employees in your organization
e device. If you choose the "Force Allow" option, Windows apps are allowed to run in the background and employees in your organization
et diagnostic information about other apps using Settings > Privacy on the device. If you choose the "Force Allow" option, Windows apps a

ding the reporting data. Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reportin
it (Hour 0-23, Day 0-31). User Publishing Refresh: Enables user publishing refresh (Boolean). User Publishing Refresh On Logon: Triggers
it (Hour 0-23, Day 0-31). User Publishing Refresh: Enables user publishing refresh (Boolean). User Publishing Refresh On Logon: Triggers
it (Hour 0-23, Day 0-31). User Publishing Refresh: Enables user publishing refresh (Boolean). User Publishing Refresh On Logon: Triggers
it (Hour 0-23, Day 0-31). User Publishing Refresh: Enables user publishing refresh (Boolean). User Publishing Refresh On Logon: Triggers
it (Hour 0-23, Day 0-31). User Publishing Refresh: Enables user publishing refresh (Boolean). User Publishing Refresh On Logon: Triggers

le from loading User profiles for the Guest account and members of the Guests group If you enable this policy setting, Group Policy allow

do not configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
do not configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
ble or do not configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling
ble or do not configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme. Note: Enabling

ent URI Rules.

m being opened. If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are open
e restrictive recommendation which will cause users to see more trust prompts than choosing the other options. If you enable this policy
with their zone information. If you do not configure this policy setting, Windows marks file attachments with their zone information.
e check box and Unblock button. If you do not configure this policy setting, Windows hides the check box and Unblock button.
estricted or Internet zone, Windows prompts the user before accessing the file. Low Risk: If the attachment is in the list of low-risk file type
e types. If you disable this policy setting, Windows uses its built-in list of file types that pose a high risk. If you do not configure this policy
f you disable this policy setting, Windows uses its default trust logic. If you do not configure this policy setting, Windows uses its default tr
setting, you can specify file types which pose a moderate risk. If you disable this policy setting, Windows uses its default trust logic. If you
re this policy setting, the process's command line information will not be included in Audit Process Creation events. Default: Not configure
ether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog. If you enable this policy se
ether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog. If you enable this policy se

ge devices. If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. This po
ge devices. If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives. This po

ot be sent to Microsoft)

ture in Windows. Note: Users who log on using biometrics should create a password recovery disk; this will prevent data loss in the event
cy setting, biometrics cannot be used by any users to log on to a local Windows-based computer. Note: Users who log on using biometrics
rs from using biometrics to log on.

nced anti-spoofing for Windows Hello face authentication is not required on unmanaged devices.
long period of time and still have pending jobs. Consider decreasing this value if you are concerned about orphaned jobs occupying disk s
or do not configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used.
. You can specify the limit in kilobits per second (Kbps). If you specify a value less than 2 kilobits, BITS will continue to use approximately 2 k
work schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and l
l priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to
d files, BITS downloads them from the origin server. If you enable this policy setting, BITS downloads files from peers, caches the files, and
s will be removed from the peer cache. Note: This policy setting has no effect if the "Allow BITS Peercaching" policy setting is disabled or n
percent. If you disable or do not configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk si
r do not configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to
ffer downloaded and cached files to its peers. Note: This setting has no effect if the "Allow BITS peer caching" setting is disabled or not con
vior of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching. If you enable this policy setting, you can enter a v
hat are created by specifying only a priority. For example, you can specify that background jobs are by default to transfer only when on un
d by services and the local administrator account do not count toward this limit.
be lower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum numbe
local administrator account do not count toward this limit.
tor account do not count toward this limit.
er than BITS. This policy setting does not apply to BITS transfers over SMB. This setting has no effect if the computer's administrative setting

communications configured in that service, when available. If your organization does not have an Enterprise spotlight content service, the

may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recomm
Telemetry" policy setting with a level of "Basic" or below, users may see a limited set of tips. Also, this setting only applies to Enterprise an

what's new, changed, and suggested.


loads it. The resulting searches might make some programs start or run slowly. If you disable or do not configure this policy setting, the pro
loads it. The resulting searches might make some programs start or run slowly. If you disable or do not configure this policy setting, the pro

w and the Start screen. To hide a Control Panel item, enable this policy setting and click Show to access the list of disallowed Control Panel i

a context menu, a message appears explaining that a setting prevents the action.
nable this policy setting and click Show to access the list of allowed Control Panel items. In the Show Contents dialog box in the Value colum
a list of pages to hide. To specify a list of pages to show, the policy string must begin with "showonly:" (without quotes), and to specify a lis
me dialog is available in the Personalization or Display Control Panel. For systems prior to Windows Vista, this setting hides the Appearance

saver runs, provided the following two conditions hold: First, a valid screen saver on the client is specified through the "Screen Saver execu
users can select any screen saver. If you enable this setting, type the name of the file that contains the screen saver, including the .scr file
om changing the password protection setting. If you do not configure this setting, users can choose whether or not to set password protec
le Screen Saver" setting is disabled. - Neither the "Screen saver executable name" setting nor the Screen Saver dialog of the client comput
lpaper. Refer to KB article: Q327998 for more information. Also, see the "Allow only bitmapped wallpaper" setting.

system default.

g themes (if the Personalization Control Panel is available). Note: If this setting is enabled and the file is not available at user logon, the de

o Enterprise, Education, and Server SKUs.

Start background" policy is also set on a supported version of Windows, then that background takes precedence over this policy.
can type a local path, such as C:\Windows\Web\Screen\img104.jpg or a UNC path, such as \\Server\Share\Corp.jpg. This can be used in c
e this policy setting, the default user account picture will display for all users on the system with no customization allowed. If you disable o
erent than the domain to which the computer is joined. If you disable or do not configure this policy setting, the default logon domain is a
r can specify the CLSIDs of the credential providers to exclude from the set of installed credential providers available for authentication pu

nsaver turns on, the screensaver timeout will limit the options the user may choose. If you disable this policy setting, a user cannot change
redential Providers.
ndows. If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer.
chine. Note: The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Serv
tion, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). If you disable this
tials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). If you disable this policy setting, delegation of fre
tual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*). I
of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a mem
Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single
more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a
e set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegat
supported: Restrict credential delegation: Participating applications must use Restricted Admin or Remote Credential Guard to connect t
pass their credentials to the host.

setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Win
word entry text box. To display the password, click the password reveal button. The policy applies to all Windows components and applicati
word entry text box. To display the password, click the password reveal button. The policy applies to all Windows components and applicati

and then click Lock this computer.


prevents the action. If you disable or do not configure this policy setting, users can access Task Manager to start and stop programs, mon

same data as a value of 0, plus a very limited amount of diagnostic data such as basic device info, quality-related data, and app compatibili
same data as a value of 0, plus a very limited amount of diagnostic data such as basic device info, quality-related data, and app compatibili

sing the default proxy configuration. The format for this setting is <server>:<port>
to associate this machine and its telemetry data with your organization.

https://go.microsoft.com/fwlink/?linkid=847594. Enabling Enhanced diagnostic data in the Allow Telemetry policy in combination with no
figure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions"
For example: {b5dcb061-cefb-42e0-a1be-e6a6438133fe}. If you enter a non-existent or improperly formatted appid DCOM will add it to
th Mode 2. 3=HTTP blended with Internet Peering. 99=Simple download mode with no peering. Delivery Optimization downloads using HT

ws Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored.
ws Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored.

this setting is not the same as deleting it. Items that are removed from the "Add" list are not removed from the desktop. They are simply n

User Configuration\Administrative Templates\Control Panel\Display) settings.


specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use
he name of a Windows domain, and click Find. Type the name of an object in the directory, such as "Administrator." If the filter bar does n

or do not configure it, the system displays up to 10,000 objects. This consumes approximately 2 MB of memory or disk space. This setting

rom saving data to the Desktop.


clicking the Desktop tab and then clicking the Customize Desktop button.
e this setting, Computer is hidden on the desktop, the new Start menu, the Explorer folder tree pane, and the Explorer Web views. If the u
make changes to this setting effective, you must log off from and log back on to Windows 2000 Professional.

olbars" setting.

his is enabled, kernel mode memory protections are enforced and the Code Integrity validation path is protected by the Virtualization Base
Policy.p7b). The local machine account (LOCAL SYSTEM) must have access permission to the policy file. If using a signed and protected po
prioritized equally during the driver selection process. Selection is based on other criteria, such as version number or when the driver was

you disable or do not configure this policy setting, Windows creates a system restore point as it normally would.

ote desktop server. If you disable or do not configure this policy setting, members of the Administrators group are subject to all policy setti
te, unless another policy setting specifically prevents installation (for example, the "Prevent installation of devices that match these device
ection of the specified devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setti
create, unless another policy setting specifically prevents that installation (for example, the "Prevent installation of devices that match any o
vices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, devices can be insta
rom installing removable devices and existing removable devices cannot have their drivers updated. If you enable this policy setting on a re
evice driver for any device that is not described by the "Prevent installation of devices that match any of these device IDs," "Prevent install

ators group are allowed to install new device drivers on the system.
system to proceed with the installation even if it includes unsigned files. -- "Warn" notifies the user that files are not digitally signed and

hes the installation location, floppy drives, and CD-ROM drives. Note: To prevent searching Windows Update for drivers also see "Turn off
ndows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Wind
ndows Update device driver searching" is disabled or not configured, the administrator will be prompted for consent before going to Wind
device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a d
e this policy setting, members of the Administrators group can determine the server used in the search for device drivers.
ether Windows retrieves device metadata from the Internet.
minutes. If you try to set this setting to a value less than 15 minutes, the default value of 15 minutes is applied.

y. This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Se
y to minimize potential data loss. If you disable this policy, S.M.A.R.T. faults are still detected and logged, but no corrective action is taken.
ause a slight increase in the time taken for shutdown and hibernate. If you do not configure this policy setting, the default behavior is obse
ote: This policy setting is applicable only if the NV cache feature is on.
u enable this policy setting, the system will not manage the NV cache and will not enable NV cache power saving mode. If you disable this
nfigure this policy setting, the default behavior of the system is observed and frequently written files will be stored in the NV cache. Note:
le a setting is in effect, the system disables the "Enable quota management" option on the Quota tab of NTFS volumes. Note: This policy se
a limit is not enforced by default, but administrators can change the setting. Enforcement is optional. When users reach an enforced disk q
ables the corresponding options in the "Select the default quota limit for new users of this volume" section on the Quota tab. This policy s
ators cannot change the setting while a setting is in effect. If you do not configure this policy setting, no events are recorded, but administ
do not configure this policy setting, no event is recorded, but administrators can use the Quota tab option to change the logging setting. T

ced) setting, or an application manifest. If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be t
d on for legacy applications. If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.

pplied connection specific DNS suffix, if configured.


setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied list of D
ntrol panel. You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix. If you dis
a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com. If you enable this policy setting, a computer will r
ster: Computers will not attempt to register PTR resource records. Register: Computers will attempt to register PTR resource records even
w dynamic DNS registration, and this policy setting must not be disabled. If you disable this policy setting, computers may not use dynamic
an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the clie
to delete stale records. Warning: If record scavenging is enabled on the zone, the value of this policy setting should never be longer than th
ng, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com." To use this policy
ecify in this policy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use local settings. B
r needs to update, except the root zone. If you disable this policy setting, or if you do not configure this policy setting, computers do not s
DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary and connection specific DNS suffixes r
main name. The DNS client appends DNS suffixes to the single-label, unqualified domain name based on the state of the Append primary a
his policy setting, LLMNR will be disabled on all available network adapters on the client computer. If you disable this policy setting, or you
corp" will be queried by the DNS client first. If the query succeeds, the response is returned to the client. If the query fails, the unqualified m
orks first. LLMNR queries will be issued if the DNS queries fail, followed by NetBT queries if LLMNR queries fail. If you disable this policy setti
tting, the DNS client will prefer link local responses for flat name queries on non-domain networks. Note: This policy setting is applicable o

r binding order. If you disable this policy setting, or if you do not configure this policy setting, then DNS responses from networks lower in

Changing this policy setting requires a logoff for it to be applied.


Changing this policy setting requires a logoff for it to be applied.

mes that cannot be changed by users.


mes that cannot be changed by users.
etting, Open Extended Dictionary can be added and used by default. This policy setting is applied to Japanese Microsoft IME and Simplified

d it clears self-tuned words from the custom dictionary. This policy setting is applied to Japanese Microsoft IME and Simplified Chinese Mi
C(GAIJI) 0x0200 // S-JIS unmapped area 0x0400 // Unicode char 0x0800 // surrogate char 0x1000 // IVS char 0xFFFF // no definition. If y
Note: Changes to this setting will not take effect until the user logs off.
this policy setting, it will be turned off by default, and the user can turn on and turn off the cloud candidates feature. This Policy setting ap
this policy setting, it will be turned off by default, and the user can turn on and turn off the cloud candidates feature. This Policy setting ap
lt, and the user can turn on and turn off the lexicon udpate feature. This Policy setting applies only to Microsoft CHS Pinyin IME.
has been identified as malware, but the computer cannot successfully boot without loading this driver. - Unknown: This driver has not be

d the user can configure this setting.


ill be listed in the menu by default, and users can configure this setting.

crypts those files automatically.

ot configured, then Control Panel settings for Windows Error Reporting override this policy setting. If you enable this policy setting, the setti
ve no notification. Disabling this policy setting is useful for servers that do not have interactive users. If you do not configure this policy setti
etting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication setting
etting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication setting

ore than one CAB file for a report that contains data about the same event types.
ore than one CAB file for a report that contains data about the same event types.
rding to the default consent and notification settings.
rding to the default consent and notification settings.
not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data u
not configure this policy setting, WER checks for solutions while a computer is running on battery power, but does not upload report data u

rors in Windows check box is filled, all errors in Windows applications are reported, regardless of the setting in the Default dropdown list. T
example: notepad.exe). File names must always include the .exe file name extension. Errors that are generated by applications in this list ar
olicy setting is configured to report all application errors. If you enable this policy setting, you can create a list of applications that are alwa
Error Reporting policy setting.
efore older reports are automatically deleted. If you disable or do not configure this policy setting, no Windows Error Reporting informatio
efore older reports are automatically deleted. If you disable or do not configure this policy setting, no Windows Error Reporting informatio
setting, Windows Error Reporting sends error reports to Microsoft.
xe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the E
xe file name extension. To remove an application from the list, click the name, and then press DELETE. If this policy setting is enabled, the E
ntil the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Pa
ntil the user is prompted to send the reports, or until the user sends problem reports by using the Solutions to Problems page in Control Pa
for this event type. - 1 (Always ask before sending data): Windows prompts the user for consent to send reports. - 2 (Send parameters): W
for this event type. - 1 (Always ask before sending data): Windows prompts the user for consent to send reports. - 2 (Send parameters): W

mpts users for consent to send any additional data that is requested by Microsoft. - Send parameters and safe additional data: the minimum
mpts users for consent to send any additional data that is requested by Microsoft. - Send parameters and safe additional data: the minimum
=<Thumb print of the client authentication certificate>. When using the HTTP protocol, use port 5985. If you disable or do not configure th

y setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
setting to enforce this change across all tools and APIs.
us policy setting configuration remains in effect.

y setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
d administrators can read or clear this log. Note: If you enable this policy setting, some tools and APIs may ignore it. The same change shou

y setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
setting to enforce this change across all tools and APIs.
us policy setting configuration remains in effect.

y setting and the "Retain old events" policy setting is enabled, new events are discarded and the old events are retained.
ser can read events from it. Note: If you enable this policy setting, some tools and APIs may ignore it. The same change should be made to

public key that they were encrypted with. If you disable or do not configure this policy setting, components will not encrypt event log me

gs from the device by running the Get-ProcessMitigation PowerShell cmdlet or using the Export button at the bottom of the Exploit Protecti
t prevent the user from being able to add new items such as files and folders to their actual file system profile folder at %userprofile%.

n a USB device is connected will not be enabled unless a user configures the option manually in the BIOS or other boot order configuration

n a system restart is required. This behavior is recommended for headless operation. Troubleshooting Only: Detection and troubleshootin
omain name format. Example value: Contoso.com,ContosoIT.HumanResourcesApp_m5g0r7arhahqy If you enable this policy setting, th

es are created on a given volume. If you disable short name creation on all data volumes then short names will only be generated for files

evice and its location are not registered and the Find My Device feature will not work.The user will also not be able to view the location of
nfigure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these
Note: This policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching",
share is configured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user inte
nfigure this policy setting, Windows Vista, Windows 7, Windows 8, and Windows Server 2012 will use the standard English names for these
ot copied to the new location. To use this policy setting, you must move or restore the server content to the new network location using a m
Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. If
Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Active Directory schema to function. If
icy setting, the Details Pane is hidden by default and can be displayed by the user. This is the default policy setting.

p for resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. This pol

, even if this policy setting is not configured. If you enable this policy setting, the user cannot select a custom locale as their user locale, bu
, even if this policy setting is not configured. If you enable this policy setting, the user cannot select a custom locale as their user locale, bu
m locale to English (United States) and English (Canada). If you enable this policy setting, administrators can select a system locale only from
enabled for their user account on the sign-in page.
on (;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (
on (;). For example, en-US is English (United States). Specifying "en-CA;fr-CA" would restrict the user locale to English (Canada) and French (
per-user policy settings. To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
per-user policy settings. To set this policy setting on a per-user basis, make sure that the per-computer policy setting is not configured.
th user overrides. If this policy setting is disabled or not configured, then the user can customize their user locale overrides. If this policy is
th user overrides. If this policy setting is disabled or not configured, then the user can customize their user locale overrides. If this policy is
t configure this policy setting, the user can see the Administrative options. Note: Even if a user can see the Administrative options, other po
if a user can see the GeoID option, the "Disallow changing of geographical location" option can prevent them from actually changing their
UI language. Note: Even if a user can see the option to change the UI language, other policy settings can prevent them from changing their
the user locale.
er can specify which UI language is used.
r do not configure this policy setting, there is no restriction on which language users should use. To enable this policy setting in Windows S
estriction of a specific language used for the Windows menus and dialogs.
Vista, use the "Restricts the UI languages Windows should use for the selected user" policy setting. If you disable or do not configure this p
ence. Note that the availability and function of this setting is dependent on supported languages being enabled.
nfigured, then the user will be free to change the setting according to their preference. Note that the availability and function of this settin
ability and function of this setting is dependent on supported languages being enabled.
unction of this setting is dependent on supported languages being enabled.
scheduled clean up task.
ot be available for all languages, even when inking and typing is available. If this policy is enabled, automatic learning of speech, inking, an
reater than the specified value are interpreted as being preceded by 19. For example, the default value, 2029, specifies that all two-digit y
d new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email conten
d new words not already known to the handwriting recognition engines (for example, proper names and acronyms). Deleting email conten
figure this policy setting, Windows Server applies user Group Policy settings synchronously. Note: This policy setting applies only to compu

N_MITIGATION_POLICY_DEP_ENABLE (0x00000001) Enables data execution prevention (DEP) for the child process PROCESS_CREATION_M
N_MITIGATION_POLICY_DEP_ENABLE (0x00000001) Enables data execution prevention (DEP) for the child process PROCESS_CREATION_M
tting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
depends on the Windows edition. Changes to this policy take effect on reboot.

Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the policy informa
d. When Group Policy runs in background mode or asynchronous foreground mode, it continues to download the latest version of the polic
y after logon. If you do not configure this policy setting, Group Policy will wait five minutes before running logon scripts.

andwidth speed is detected, Group Policy will default to a slow network connection. This policy setting allows the administrator the option
n. Existing users will be logged on using cached credentials, which will result in shorter logon times. Group Policy will be applied in the bac
g, Local GPOs continue to be applied. Note: For computers joined to a domain, it is strongly recommended that you only configure this po
ng, Group Policy will use this administratively configured maximum wait time and override any default or system-computed wait time. If yo
cal forest. A warning message appears to the user, and an event log message (1529) is posted. - Loopback Group Policy processing is applie
en it was installed. If you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not co
tting, it has no effect on the system. The "Allow processing across a slow network connection" option updates the policies even when the
system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted
you enable this policy setting, you can use the check boxes provided to change the options. If you disable or do not configure this policy setti
isable or do not configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" opti
o not configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option updates
ackground processing" option prevents the system from updating affected policies in the background while the computer is in use. When b
oss a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection,
o not apply during periodic background processing" option prevents the system from updating affected policies in the background while th
n the system. The "Allow processing across a slow network connection" option updates the policies even when the update is being transm
tem. The "Allow processing across a slow network connection" option updates the policies even when the update is being transmitted acro
w RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the c
w RSoP data on a client computer, use the RSoP snap-in for the Microsoft Management Console. You can launch the RSoP snap-in from the c
O. Changing the status of this setting to Enabled will keep any source files from copying to the GPO. Changing the status of this setting to D
and "Set Group Policy refresh interval for users" policy settings. Note: If you make changes to this policy setting, you must restart your com
licy setting applies only to non-administrators. Administrators can still invoke a refresh of computer policy at any time, no matter how this p
ned on, and administrators cannot turn it off. As a result, Group Policy Object Editor displays only true settings; preferences do not appear.
o the domain controller that Active Directory Users and Computers or Active Directory Sites and Services snap-ins use. "Use any available d
lets you override the programs' specified responses to slow links. If you enable this setting, you can, in the "Connection speed" box, type a
lets you override the programs' specified responses to slow links. If you enable this setting, you can, in the "Connection speed" box, type a
pdate rate from 0 to 64,800 minutes (45 days). If you select 0 minutes, the computer tries to update Group Policy every 7 seconds. Howeve
updates might interfere with users' work and increase network traffic, very short update intervals are not appropriate for most installation
0 minutes (45 days). If you select 0 minutes, the computer tries to update user Group Policy every 7 seconds. However, because updates m

t links are created in the enabled state. If you do not want them to be effective until they are configured and tested, you must disable the o
h ADM files. - If you later edit the GPO from a different-language system, you get the English ADM files as they were in the GPO. You can c
ys on. Note: To view the RSoP information logged on a client computer, you can use the RSoP snap-in in the Microsoft Management Conso
licy Objects determine which set of Group Policy Objects applies. If you enable this setting, you can select one of the following modes from
y setting, Group Policy uses this administratively configured maximum wait time for workplace connectivity, and overrides any default or sy
riority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the upda
rors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference exten
ng priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the u
errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference ext
." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitt
ng for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed und
iority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the updat
s, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extensio
kground processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items
errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference exte
1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitted across
s extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed under User C
ts (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network conn
s and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preferenc
Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmitte
g for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed unde
e." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmi
ng for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed und
ority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update
cing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed un
anged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option upd
this extension includes only warnings and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perfo
GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connecti
arnings and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this pre
processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even wh
ngs and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this prefer
unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" optio
s and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preferenc
objects (GPOs) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network
ng for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed un
und processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even
arnings and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this pre
dle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transm
cing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed un
) are unchanged. By default, background processing priority is "Idle." Notes: 1. The "Allow processing across a slow network connection" o
nings and errors, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this prefe
e." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is transmi
cing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension listed u
"Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the update is tran
d tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extension liste
iority is "Idle." Notes: 1. The "Allow processing across a slow network connection" option updates preference items even when the updat
s, and tracing for this extension is turned off. Notes: 1. User Configuration tracing: To perform tracing for items in this preference extensio
of preference extensions. If you disable this policy setting, you prohibit use of Applications snap-ins, and new Application preference items
is policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-i
er Control Panel Settings for Computer Configuration. Enabling this policy setting overrides the "Restrict users to the explicitly permitted lis
tted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure t
ist of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this po
s policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-in
his policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-
y setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" poli
licy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" p
mitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure
licy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" p
is policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the preference
citly permitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not
ermitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configu
e this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of sn
mitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure
ist of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configure this p
his policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the preference
olicy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" p
rmitted list of snap-ins" policy setting. If you disable this policy setting, you prohibit use of the preference extension. If you do not configu
policy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the preference ext
policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins"
icy setting, you prohibit use of the preference extension. If you do not configure this policy setting, you permit use of the preference exten
ntrol Panel Settings for User Configuration. Enabling this policy setting overrides the "Restrict users to the explicitly permitted list of snap-i
If you disable this policy setting, you prohibit use of the Preferences tab. If you do not configure this policy setting, you permit use of the

he policy setting and enter the desired folders in the text box on the Settings tab of the Policy Properties dialog box. Use a semicolon to sep
available in Computer Configuration\Security Settings. Note: This policy setting is available under Computer Configuration and User Config
available in Computer Configuration\Security Settings. Note: This policy setting is available under Computer Configuration and User Config
HTML Help Executable. If you disable or do not configure this policy setting, DEP is turned on for HTML Help Executable. This provides an
e elements).

cally probed for WISPR protocol support. If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and
icy setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
icy setting, all of the the policy settings in the "Internet Communication settings" section are set to not configured.
e this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Wi
tting, users can choose to print to Internet printers over HTTP. Also, see the "Web-based printing" policy setting in Computer Configuration
tting, users can choose to print to Internet printers over HTTP. Also, see the "Web-based printing" policy setting in Computer Configuration
download print drivers over HTTP.
download print drivers over HTTP.
rompt" in "Administrative Templates/System," which governs whether an administrator is prompted before searching Windows Update for
d. If you enable this policy setting, event description hyperlinks are not activated and the text "More Information" is not displayed at the e
Did you know?" content. You might want to enable this policy setting for users who do not have Internet access, because the content in th
er is searched. If you disable or do not configure this policy setting, the Knowledge Base is searched if the user has a connection to the Inte

However, Windows Product Activation is required but does not involve submitting any personal information (except the country/region you
m the Control Panel for error reporting. Also see the "Configure Error Reporting", "Display Error Notification" and "Disable Windows Error R
prevents Device Manager from automatically installing driver updates from the Windows Update website. If you disable or do not configur
h Companion downloads content updates unless the user is using Classic Search. Note: Internet searches still send the search text and info
nfigure this policy setting, the user is allowed to use the Web service.
nfigure this policy setting, the user is allowed to use the Web service.
ng, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
ng, the user is allowed to use the Store service and the Store item is available in the Open With dialog.
he local registry are displayed. If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses t
he local registry are displayed. If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses t

ormation are not shown. If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is n
ormation are not shown. If you disable this policy setting, Windows Messenger collects anonymous usage information, and the setting is n
dly. If you enable this policy setting, all users are opted out of the Windows Customer Experience Improvement Program. If you disable thi
and of other components that use NCSI, to determine Internet access. If you disable or do not configure this policy setting, NCSI runs one o
mputer. If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS
olicy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Rati
trator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click
strator-approved Active-X controls and plug-ins under security zones. If you disable this policy or do not configure it, this control will not be
click Security. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify S
To specify how administrator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click
hors to control the placement and appearance of Windows pop-up menus on Web pages -- Popup Menu Object - enables Web authors to a
-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click Inter
for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and
strator-approved controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, clic
ce, and then click Security. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then
icy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratin
nd then click Security. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click
next webpage is loaded into the background. If you don't configure this setting, users can turn this behavior on or off, using the Settings ch
next webpage is loaded into the background. If you don't configure this setting, users can turn this behavior on or off, using the Settings ch
is behavior on or off, using Internet Explorer settings. This feature is turned on by default
is behavior on or off, using Internet Explorer settings. This feature is turned on by default
have been revoked. If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been
have been revoked. If you do not configure this policy setting, Internet Explorer will not check server certificates to see if they have been

re this policy setting, Caret Browsing support can be turned on or off through the registry.
re this policy setting, Caret Browsing support can be turned on or off through the registry.
Mode. If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use th
Mode. If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use th
g, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don'
g, Internet Explorer 11 will use 32-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows. If you don'
al protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows
al protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows
policy setting, Internet Explorer only sends the Do Not Track header if inPrivate Browsing mode is used. If you don't configure the policy s
policy setting, Internet Explorer only sends the Do Not Track header if inPrivate Browsing mode is used. If you don't configure the policy s

ernet Options settings. The default is on.


ernet Options settings. The default is on.
ttings. The default is on.
ttings. The default is on.

and they select the most preferred match. If you enable this policy setting, the browser negotiates or does not negotiate an encryption tu
and they select the most preferred match. If you enable this policy setting, the browser negotiates or does not negotiate an encryption tu

l signatures of executable programs or display their identities before downloading them to user computers. If you do not configure this po
l signatures of executable programs or display their identities before downloading them to user computers. If you do not configure this po
cy, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.
cy, Internet Explorer automatically launches any browser helper objects that are installed on the user's computer.
cy setting, users will be prompted when Web Components such as fonts would be downloaded. If you do not configure this policy, users w
cy setting, users will be prompted when Web Components such as fonts would be downloaded. If you do not configure this policy, users w
not configure this policy setting, non-Internet Explorer components will be automatically installed as necessary.
not configure this policy setting, non-Internet Explorer components will be automatically installed as necessary.
ot check the Internet for new versions of the browser, so does not prompt users to install them. If you do not configure this policy setting,
ot check the Internet for new versions of the browser, so does not prompt users to install them. If you do not configure this policy setting,
es with an invalid signature.
es with an invalid signature.
plorer will play animated pictures found in Web content.
plorer will play animated pictures found in Web content.
nds found in Web content.
nds found in Web content.
Web content.
Web content.
t being prompted. If you do not configure this policy setting, a user will have the freedom to accept requests from Web sites for Profile As
t being prompted. If you do not configure this policy setting, a user will have the freedom to accept requests from Web sites for Profile As
ure this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.
ure this policy, Internet Explorer will save encrypted pages containing secure (HTTPS) information to the cache.
nternet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed. If you do not
nternet Explorer will not delete the contents of the user's Temporary Internet Files folder when browser windows are closed. If you do not
Windows 10 Version 1607.
Windows 10 Version 1607.
ne AutoComplete. By default, inline AutoComplete is turned off for Windows Vista, Windows 7, Internet Explorer 7, and Internet Explorer
cy setting, a user will have the freedom to turn on or off Inline AutoComplete for File Explorer.

t turn on script debugging. If you do not configure this policy setting, the user can turn on or turn off script debugging.
tting, when there is a problem connecting with an Internet server, the user sees a detailed description with hints about how to correct the p
Internet Explorer up to and including Internet Explorer 8.
perly because of problems with its scripting. The user cannot change this policy setting. If you do not configure this policy setting, the user

e default is on.
e default is on.
Offline Pages option determines how many levels of a Web site are searched for new information, it does not change the user interface in t
do not configure it, users can add channels to the Channel bar or to their desktop. Note: Most channel providers use the words Add Active
ed for organizations that are concerned about server load for downloading content. The "Hide Favorites menu" policy (located in User Con

his policy or do not configure it, users can add, remove, and edit schedules for Web sites and groups of Web sites. The "Disable editing sch
stating that the command is unavailable. If you disable this policy or do not configure it, users can edit an existing schedule for downloadin
rganization. Note: This policy does not prevent users from removing active content from the desktop interface.
nu, click Synchronize, and then click the Properties button. If you disable this policy or do not configure it, users can remove the preconfigu
this policy, then Web pages can be updated on the schedules specified on the Schedule tab. This policy is intended for organizations that
this policy or do not configure it, content will not be prevented from being downloaded. The "Disable downloading of site subscription co

, because this policy removes the Advanced tab from the interface.
, because this policy removes the Advanced tab from the interface.
Prevent changing proxy settings" "Disable changing Automatic Configuration settings"
Prevent changing proxy settings" "Disable changing Automatic Configuration settings"

his policy removes the General tab from the interface: "Disable changing home page settings" "Disable changing Temporary Internet files
his policy removes the General tab from the interface: "Disable changing home page settings" "Disable changing Temporary Internet files

act settings" "Disable the Reset Web Settings feature" "Disable changing default browser check"
act settings" "Disable the Reset Web Settings feature" "Disable changing default browser check"
ge policies" "Security zones: Do not allow users to add/delete sites"
ge policies" "Security zones: Do not allow users to add/delete sites"
omain names are converted to IDN format only for addresses that are in the Intranet zone. 3) Unicode domain names are always converted
omain names are converted to IDN format only for addresses that are in the Intranet zone. 3) Unicode domain names are always converted
figure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Options settings. The default is to encode
figure this policy setting, users can turn this behavior on or off, using Internet Explorer Advanced Options settings. The default is to encode
Advanced tab, and then under International, select the "Use UTF-8 for mailto links" check box.
Advanced tab, and then under International, select the "Use UTF-8 for mailto links" check box.

8. The user cannot change this policy setting. If you do not configure this policy setting, the user can allow or prevent the sending of the p

cipher strength update information URL. If you disable or do not configure this policy setting, the user can specify the cipher strength upd
this policy setting, the user can decide whether the Internet Connection Wizard should start automatically.
er" or "Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains" policy settings. For more information, see
er" or "Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains" policy settings. For more information, see
or don't configure this setting, IE continues to download updated versions of VersionList.XML. For more information, see "Out-of-date Acti
ol. Clicking this button lets the user run the outdated ActiveX control once. For more information, see "Outdated ActiveX Controls" in the I
ol. Clicking this button lets the user run the outdated ActiveX control once. For more information, see "Outdated ActiveX Controls" in the I
e". For example, if you want to include http://example, use "example" 3. "file:///path/filename.htm". For example, use "file:///C:/Users/co
e". For example, if you want to include http://example, use "example" 3. "file:///path/filename.htm". For example, use "file:///C:/Users/co

you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following info
you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following info
o manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-o
o manage add-ons not listed within the 'Add-on List' policy setting. This policy setting effectively removes this option from users - all add-o
cesses will not respect add-on management user preferences or policy settings.
cesses will not respect add-on management user preferences or policy settings.
on management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settin
on management user preferences and policy settings. If you enter a Value of 0, the add-on management user preferences and policy settin
red in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no behaviors will be allowed in zones set to 'admin
red in #package#behavior notation, e.g., #default#vml. If you disable this policy setting, no behaviors will be allowed in zones set to 'admin
gned by MD2 and MD4 signing technologies.
gned by MD2 and MD4 signing technologies.

figure this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.
figure this policy setting, binary behaviors are prevented for the File Explorer and Internet Explorer processes.
behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting
behaviors are allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting
u enable this policy setting, Consistent Mime Handling is enabled for all processes. If you disable or do not configure this policy setting, Co
u enable this policy setting, Consistent Mime Handling is enabled for all processes. If you disable or do not configure this policy setting, Co
u enable this policy setting, Internet Explorer requires consistent MIME data for all received files. If you disable this policy setting, Internet
u enable this policy setting, Internet Explorer requires consistent MIME data for all received files. If you disable this policy setting, Internet
policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enab
policy setting allows administrators to define applications for which they want this security feature to be prevented or allowed. If you enab
ng, the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.
ng, the Notification bar will not be displayed for all processes other than Internet Explorer or those listed in the Process List.
for Internet Explorer Processes.
for Internet Explorer Processes.
name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explore
name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explore
Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a proc
Machine zone security applies to all local files and content processed by any process other than Internet Explorer or those defined in a proc
e this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer. If you disable this
e this policy setting, the Local Machine zone security applies to all local files and content processed by Internet Explorer. If you disable this
nter a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Nam
nter a value of 1, Local Machine Zone security applies. If you enter a value of 0, Local Machine Zone security does not apply. If a Value Nam

ous file type.


ous file type.
pty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet
pty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet

cy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
cy setting, the MK Protocol is prevented for File Explorer and Internet Explorer, and resources hosted on the MK protocol will fail.
red. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE proc
red. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE proc
d for all processes other than File Explorer or Internet Explorer. If you do not configure this policy setting, no policy is enforced for process
d for all processes other than File Explorer or Internet Explorer. If you do not configure this policy setting, no policy is enforced for process
s by adding the value names http and https. If you disable this policy setting, restricting content obtained through restricted protocols is pr
s by adding the value names http and https. If you disable this policy setting, restricting content obtained through restricted protocols is pr
estricted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name
estricted protocols is allowed. If you enter a Value of 0, restricting content obtained through restricted protocols is blocked. The Value Name

e when navigating within or across domains for Internet Explorer processes.


e when navigating within or across domains for Internet Explorer processes.
a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use
a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use
policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.
policy setting, processes other than Internet Explorer or those listed in the Process List receive no such protection.
ation by Internet Explorer processes. If you disable this policy setting, no zone receives such protection for Internet Explorer processes. If y
ation by Internet Explorer processes. If you disable this policy setting, no zone receives such protection for Internet Explorer processes. If y
hich they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, elevation to more p
hich they want this security feature to be prevented or allowed. If you enable this policy setting and enter a Value of 1, elevation to more p
his list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the
his list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the

rer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setti
rer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setti

ate popup windows and windows that obfuscate other windows. If you do not configure this policy setting, popup windows and other rest
ate popup windows and windows that obfuscate other windows. If you do not configure this policy setting, popup windows and other rest
, such windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the
, such windows may not be opened. If you enter a Value of 0, windows have none of these restrictions. The Value Name is the name of the
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot
ow active content over restricted protocols to access my computer." If you disable or do not configure this policy setting for a zone, no prot

In addition, users won't be able to change the Suggestions setting on the Settings charm. If you don't configure this policy setting, users ca
In addition, users won't be able to change the Suggestions setting on the Settings charm. If you don't configure this policy setting, users ca

archScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom adminis
archScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom adminis

tent browser across an organization.


mponents\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the Advanced page" policy rem
is fully enabled, all website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.
is fully enabled, all website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the user.
disable or do not configure this policy setting, the user is prompted to decide whether to turn on the SmartScreen Filter during the first-ru
disable or do not configure this policy setting, the user is prompted to decide whether to turn on the SmartScreen Filter during the first-ru
ted to decide whether to turn on SmartScreen Filter during the first-run experience.
ted to decide whether to turn on SmartScreen Filter during the first-run experience.

cessing Help. If you enable this policy setting, the menu bar is above the navigation bar. The user cannot interchange the positions of the m
evel. You may also want to enable the "Prevent managing pop-up exception list" and "Turn off pop-up management" policy settings to pre
evel. You may also want to enable the "Prevent managing pop-up exception list" and "Turn off pop-up management" policy settings to pre

change the logging settings.


change the logging settings.
copying and pasting text, managing favorites, and accessing Help. The Command bar enables the user to access and manage favorites, fee
copying and pasting text, managing favorites, and accessing Help. The Command bar enables the user to access and manage favorites, fee
will not be able to use the Import/Export Settings wizard. If you disable or do not configure this policy setting, the user will be able to use th
will not be able to use the Import/Export Settings wizard. If you disable or do not configure this policy setting, the user will be able to use th

e "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings. If you disable, or do not configure this
e "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings. If you disable, or do not configure this

onfigure it, users can set up and change identities.


you enable this policy setting, newly installed add-ons are automatically activated in the browser. If you disable or do not configure this p
you enable this policy setting, newly installed add-ons are automatically activated in the browser. If you disable or do not configure this p
not notified when the average time to load all the user's enabled add-ons exceeds the threshold. If you disable or do not configure this po
not notified when the average time to load all the user's enabled add-ons exceeds the threshold. If you disable or do not configure this po
Filtering on or off.
Filtering on or off.
lorer Bar. Administrators also have the ability to turn the auto-play feature on or off. This setting only applies if the Media Explorer Bar is e
the Delete Browsing History dialog box. Starting with Windows 8, users can click the Delete Browsing History button on the Settings charm
the Delete Browsing History dialog box. Starting with Windows 8, users can click the Delete Browsing History button on the Settings charm
etting is enabled by default.
etting is enabled by default.
y setting is enabled by default.
y setting is enabled by default.
is enabled by default.
is enabled by default.
s Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
s Delete. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting is enabled by default.
y" policy setting is enabled, this policy setting is enabled by default.
y" policy setting is enabled, this policy setting is enabled by default.
ete Browsing History" policy setting is enabled, this policy setting is enabled by default.
ete Browsing History" policy setting is enabled, this policy setting is enabled by default.
he user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve InPrivate Filtering data
he user clicks Delete. If you do not configure this policy setting, the user can choose whether to delete or preserve InPrivate Filtering data
Filtering data, Tracking Protection data, and Do Not Track exceptions stored for visited websites. This feature is available in the Delete Bro
Filtering data, Tracking Protection data, and Do Not Track exceptions stored for visited websites. This feature is available in the Delete Bro
setting is enabled, this policy setting has no effect.
setting is enabled, this policy setting has no effect.
gured on the General tab in Internet Options. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting
gured on the General tab in Internet Options. If the "Prevent access to Delete Browsing History" policy setting is enabled, this policy setting
ll display regardless of which option is chosen. If you disable or do not configure this policy setting, Internet Explorer may run the First Run
ll display regardless of which option is chosen. If you disable or do not configure this policy setting, Internet Explorer may run the First Run
Command bar and F1 to access Help.
Command bar and F1 to access Help.
structure. If Accelerators are turned on, users can install search providers as Accelerators to include them on the Accelerator menu.
structure. If Accelerators are turned on, users can install search providers as Accelerators to include them on the Accelerator menu.

perating system and amount of physical memory. We recommend the default setting. The second algorithm must be explicitly enabled thr
perating system and amount of physical memory. We recommend the default setting. The second algorithm must be explicitly enabled thr

If you do not configure this policy setting, the user can turn on or turn off tabbed browsing.
If you do not configure this policy setting, the user can turn on or turn off tabbed browsing.
up windows in tabbed browsing.
up windows in tabbed browsing.
enting users from being notified about new versions of the browser.
is policy setting, the user can configure how windows open when he or she clicks links from other applications.
is policy setting, the user can configure how windows open when he or she clicks links from other applications.

, you will not be able to provide a default Pop-up Blocker exception list. Note: You can disable users from adding or removing websites to t
, you will not be able to provide a default Pop-up Blocker exception list. Note: You can disable users from adding or removing websites to t
et this policy, because the "Disable the General page" policy removes the General tab from the interface.
do no configure this policy setting, the user will have the freedom to automatically configure these settings.
do no configure this policy setting, the user will have the freedom to automatically configure these settings.
ated in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to
e" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel) takes p
n\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Content tab from Internet
the default. This policy is intended for organizations that do not want users to determine which browser should be their default. The "Disa
e default web browser through the Tell me if Internet Explorer is not the default web browser check box on the Programs tab in the Interne
nistrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disa
ons page" policy removes the Connections tab from the interface.
ons page" policy removes the Connections tab from the interface.
n settings by running the Internet Connection Wizard. Note: This policy overlaps with the "Disable the Connections page" policy (located in
er\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from
k the Settings button.
ete feature for User names and passwords on Forms is turned off. The user also cannot opt to be prompted to save passwords. If you do n
f pages in the History List. Users can not delete browsing history. If you disable or do not configure this policy setting, a user can set the nu
f pages in the History List. Users can not delete browsing history. If you disable or do not configure this policy setting, a user can set the nu
bled and users can choose their own home page.
ome Page Settings” policy is enabled, the user cannot add secondary home pages.
ome Page Settings” policy is enabled, the user cannot add secondary home pages.
age" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), you
Windows Components\Internet Explorer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page
e the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Co

gure this policy setting, the popup management feature will be functional.
gure this policy setting, the popup management feature will be functional.
es the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.

tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
om Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.

e freedom to choose to turn the auto-complete setting for web-addresses on or off.


e freedom to choose to turn the auto-complete setting for web-addresses on or off.
u disable this policy setting, Internet Explorer uses Windows Search AutoComplete to provide relevant results in the Address bar. The user c
u disable this policy setting, Internet Explorer uses Windows Search AutoComplete to provide relevant results in the Address bar. The user c
configure this policy setting, URL Suggestions will be turned on. Users will be able to turn on or turn off URL Suggestions in the Internet Op
configure this policy setting, URL Suggestions will be turned on. Users will be able to turn on or turn off URL Suggestions in the Internet Op
policy is intended for situations in which administrators do not want users to explore the Internet or the hard disk. This policy can be used

he "Security zones: Do not allow users to change policies" policy.


er Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security ta
settings for the Local Intranet zone. This policy prevents users from changing site management settings for security zones established by t
policy is intended for administrators who want to use Software Distribution Channels to update their users' programs without user interve
ter, and any default providers installed do not appear (including providers installed from other applications). The only providers that appea
ter, and any default providers installed do not appear (including providers installed from other applications). The only providers that appea
re created by default.
re created by default.

us bar or Address bar.


us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned off by default.


setting, the first-run prompt is turned off by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected

applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are avai
applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are avai

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
ers are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downl
ers are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downl
users cannot run unsigned controls.
users cannot run unsigned controls.
g files or copy and paste files from this zone automatically.
g files or copy and paste files from this zone automatically.

e whether to install desktop items from this zone.


e whether to install desktop items from this zone.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sni
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sni
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If yo
appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If yo
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
o allow the file download prompt.
o allow the file download prompt.

xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
cur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in th
cur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in th

us bar or Address bar.


us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned off by default.


setting, the first-run prompt is turned off by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
Local Machine zone to run.
Local Machine zone to run.
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected

applications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-a
applications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-a

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
ers are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downl
ers are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downl
users cannot run unsigned controls.
users cannot run unsigned controls.
g files or copy and paste files from this zone automatically.
g files or copy and paste files from this zone automatically.

e whether to install desktop items from this zone.


e whether to install desktop items from this zone.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
o allow the file download prompt.
o allow the file download prompt.

xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z

us bar or Address bar.


us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned on by default.


setting, the first-run prompt is turned on by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected

applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are avai
applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are avai

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
ers are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downl
ers are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downl
users cannot run unsigned controls.
users cannot run unsigned controls.
g files or copy and paste files from this zone automatically.
g files or copy and paste files from this zone automatically.
e whether to install desktop items from this zone.
e whether to install desktop items from this zone.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sni
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sni
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If yo
appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If yo
. If you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they con
. If you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they con
veX control they do not have installed.
veX control they do not have installed.

xplorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behav
xplorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behav
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
cur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in th
cur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in th

us bar or Address bar.


us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned off by default.


setting, the first-run prompt is turned off by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
Local Machine zone to run.
Local Machine zone to run.
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected

applications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-a
applications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-a
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
ers are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downl
ers are queried whether to download controls signed by publishers who aren't trusted. Code signed by trusted publishers is silently downl
users cannot run unsigned controls.
users cannot run unsigned controls.
g files or copy and paste files from this zone automatically.
g files or copy and paste files from this zone automatically.

e whether to install desktop items from this zone.


e whether to install desktop items from this zone.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
o allow the file download prompt.
o allow the file download prompt.

xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z

us bar or Address bar.


us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned on by default.


setting, the first-run prompt is turned on by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected

applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are avai
applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are avai

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
ers can download signed controls without user intervention.
ers can download signed controls without user intervention.
users can run unsigned controls without user intervention.
users can run unsigned controls without user intervention.
g files or copy and paste files from this zone automatically.
g files or copy and paste files from this zone automatically.

ems from this zone automatically.


ems from this zone automatically.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sni
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sni
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If yo
appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If yo
. If you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they con
. If you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they con
veX control they do not have installed.
veX control they do not have installed.
xplorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behav
xplorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behav
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z

us bar or Address bar.


us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned off by default.


setting, the first-run prompt is turned off by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
Local Machine zone to run.
Local Machine zone to run.
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected

applications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-a
applications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-a

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
ers can download signed controls without user intervention.
ers can download signed controls without user intervention.
users cannot run unsigned controls.
users cannot run unsigned controls.
g files or copy and paste files from this zone automatically.
g files or copy and paste files from this zone automatically.

ems from this zone automatically.


ems from this zone automatically.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
o allow the file download prompt.
o allow the file download prompt.

xplorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behav
xplorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behav
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z

us bar or Address bar.


us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned off by default.


setting, the first-run prompt is turned off by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redire
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redire

applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not
applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
gned controls cannot be downloaded.
gned controls cannot be downloaded.
users cannot run unsigned controls.
users cannot run unsigned controls.
eried to choose whether to drag or copy files from this zone.
eried to choose whether to drag or copy files from this zone.

nstalling desktop items from this zone.


nstalling desktop items from this zone.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
ther domains or access applications from different domains. If you do not configure this policy setting, users cannot open other windows
ther domains or access applications from different domains. If you do not configure this policy setting, users cannot open other windows
cation bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is un
cation bar will appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is un
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
o allow the file download prompt.
o allow the file download prompt.

xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
us bar or Address bar.
us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned off by default.


setting, the first-run prompt is turned off by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redire
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting cannot be redire

applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not
applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are not

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
gned controls cannot be downloaded.
gned controls cannot be downloaded.
users cannot run unsigned controls.
users cannot run unsigned controls.
eried to choose whether to drag or copy files from this zone.
eried to choose whether to drag or copy files from this zone.

nstalling desktop items from this zone.


nstalling desktop items from this zone.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
ther domains or access applications from different domains. If you do not configure this policy setting, users cannot open other windows
ther domains or access applications from different domains. If you do not configure this policy setting, users cannot open other windows
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
o allow the file download prompt.
o allow the file download prompt.

xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z

hether to force local sites into the Intranet Zone.


hether to force local sites into the Intranet Zone.
appears (by using the Advanced page in the Internet Control panel).
appears (by using the Advanced page in the Internet Control panel).
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc
ne Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Loc

r default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Res
r default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Res
o automatically detect the intranet through the intranet settings dialog in Control Panel.
o automatically detect the intranet through the intranet settings dialog in Control Panel.
net site that is being treated as though it is in the Internet zone. If this policy setting is not configured, a Notification bar notification appea
net site that is being treated as though it is in the Internet zone. If this policy setting is not configured, a Notification bar notification appea
us bar or Address bar.
us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned on by default.


setting, the first-run prompt is turned on by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.

e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected

applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are avai
applications have implemented a custom security manager. If you do not configure this policy setting, binary and script behaviors are avai

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
ers can download signed controls without user intervention.
ers can download signed controls without user intervention.
users are queried to choose whether to allow the unsigned control to run.
users are queried to choose whether to allow the unsigned control to run.
g files or copy and paste files from this zone automatically.
g files or copy and paste files from this zone automatically.

ems from this zone automatically.


ems from this zone automatically.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sni
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the MIME Sni
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If yo
appear to allow control over questionable content accessed over any restricted protocols; content over other protocols is unaffected. If yo
. If you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they con
. If you do not configure this policy setting, Internet Explorer does not prompt users with a "Client Authentication" message when they con
veX control they do not have installed.
veX control they do not have installed.

xplorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behav
xplorer won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behav
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
cur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in th
cur. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in th

us bar or Address bar.


us bar or Address bar.
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d
ia players in specified zones. If you disable this policy setting, video and animation cannot be played through older media players. If you d

setting, the first-run prompt is turned off by default.


setting, the first-run prompt is turned off by default.
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ding a file via an HTML form. If you do not configure this policy setting, the user can choose whether path information is sent when he or s
ng Filter scans pages in this zone for malicious content.
ng Filter scans pages in this zone for malicious content.

Protected Mode.
Protected Mode.
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
gure this policy setting, the user can configure how the computer handles these files. By default, these files are blocked in the Restricted zo
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh
ompted for loading XBAPs. If you disable this policy setting, XBAPs are not loaded inside Internet Explorer. The user cannot change this beh

icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
icy setting, .NET Framework Setup is turned on. The user cannot change this behavior. If you do not configure this policy setting, .NET Fram
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
d for loading XAML files. If you disable this policy setting, XAML files are not loaded inside Internet Explorer. The user cannot change this b
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
et Explorer. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XPS files
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
Local Machine zone to run.
Local Machine zone to run.
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
e. If you do not configure this policy setting, a user's browser that loads a page containing an active Meta Refresh setting can be redirected
applications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-a
applications have implemented a custom security manager. If you do not configure this policy setting, only behaviors listed in the Admin-a

o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
o Prompt, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http
ers can download signed controls without user intervention.
ers can download signed controls without user intervention.
users cannot run unsigned controls.
users cannot run unsigned controls.
g files or copy and paste files from this zone automatically.
g files or copy and paste files from this zone automatically.

ems from this zone automatically.


ems from this zone automatically.
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
enables applets to run in their sandbox. Disable Java to prevent any applets from running. If you disable this policy setting, Java applets ca
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
re prevented from running applications and downloading files from IFRAMEs on the pages in this zone. If you do not configure this policy s
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
r IDs and passwords in other zones. After a user is queried, these values can be used silently for the remainder of the session. Automatic l
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
e turned on in this zone, as dictated by the feature control setting for the process. If you do not configure this policy setting, the actions th
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
are in the same window. Users cannot change this setting in the Internet Options dialog. In Internet Explorer 10, if you disable this policy
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nation are in different windows. Users cannot change this setting. In Internet Explorer 10, if you disable this policy setting or do not config
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
nt domains. If you do not configure this policy setting, users can open windows and frames from othe domains and access applications fro
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
. If you do not configure this policy setting, Internet Explorer prompts users with a Client Authentication message when they connect to a
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
fication bar. Users can click on the Notification bar to allow the ActiveX control prompt.
o allow the file download prompt.
o allow the file download prompt.

xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
xplorer always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this beh
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti
p-down box, users are queried whether to allow the control to be loaded with parameters or scripted. If you disable this policy setting, Acti

ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
ents. If you disable this policy setting, Internet Explorer will not execute signed managed components. If you do not configure this policy se
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
to (but not installed on) users' computers. High safety to prevent users from being notified of software updates by e-mail, software packa
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
. If you disable this policy setting, information using HTML forms on pages in this zone is prevented from being submitted. If you do not co
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
components. If you disable this policy setting, Internet Explorer will not execute unsigned managed components. If you do not configure
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
formation in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. If you do not configure this po
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for the process. If you do n
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z
r. If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this z

but does not prevent users from saving the text of a Web page. Caution: If you enable this policy, users are not prevented from saving Web
play the Save Web Page dialog box, users click the File menu, and then click the Save As command. If you disable this policy or do not confi
ening a new browser window by right-clicking, and then clicking the Open in New Window command. To prevent users from using the sho
pen in New Window command. To prevent users from opening Web pages by using the shortcut menu, set the "Disable Open in New Wind

If you enable this policy, users also cannot click Synchronize on the Tools menu (in Internet Explorer 6) to manage their favorite links that a
File menu, pointing to New, and then clicking Window. Note: When users click the Open in New Window command, the link will not open

nfigure this policy setting, the Print menu in Internet Explorer will be available. Starting with Windows 8, the Print flyout for Internet Explor
nfigure this policy setting, the Print menu in Internet Explorer will be available. Starting with Windows 8, the Print flyout for Internet Explor
ols menu. Caution: This policy does not prevent users from viewing and changing Internet settings by clicking the Internet Options icon in

ent users from viewing the HTML source of a Web page from the shortcut menu, set the "Turn off Shortcut Menu" policy, which disables th

ownload placeholders" policy setting must be disabled if this policy setting is enabled. If you disable this policy setting, images appear. The
olicy setting is enabled. If you disable this policy setting, placeholders will not appear for graphical images while the images are downloadi

not turn it on. If you do not configure this policy setting, the user can turn on or turn off the printing of background colors and images.

ownload setting through the Feed APIs.


ownload setting through the Feed APIs.
Subscribe button in Internet Explorer and delete a feed or Web Slice through the feed list control. A developer can add or delete a feed or
Subscribe button in Internet Explorer and delete a feed or Web Slice through the feed list control. A developer can add or delete a feed or

s secure HTTP connection. A developer cannot change this policy setting through the Feed APIs.
s secure HTTP connection. A developer cannot change this policy setting through the Feed APIs.
y process on the computer attempts to perform a Clipboard operation. If you do not configure this policy setting, current values of the URL
y process on the computer attempts to perform a Clipboard operation. If you do not configure this policy setting, current values of the URL
setting, the user is prompted when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation. If y
setting, the user is prompted when a script that is running in the Internet Explorer process attempts to perform a Clipboard operation. If y
r that policy setting. If you enable this policy setting and enter a value of 1, prompts are bypassed. If you enter a value of 0, prompts are no
r that policy setting. If you enable this policy setting and enter a value of 1, prompts are bypassed. If you enter a value of 0, prompts are no
list of search results is displayed in the main window. If you disable or do not configure this policy setting, the user can specify what actio
list of search results is displayed in the main window. If you disable or do not configure this policy setting, the user can specify what actio
you enable this policy setting, you can choose where to direct the user after a search on the Address bar: a top-result website or a search-
you enable this policy setting, you can choose where to direct the user after a search on the Address bar: a top-result website or a search-

you do not configure this policy setting, Data URI support can be turned on or off through the registry.
you do not configure this policy setting, Data URI support can be turned on or off through the registry.
tion. This policy setting has no effect if Windows has been configured to enable Data Execution Prevention.
form or web application. If you disable or do not configure this policy setting, the reveal password button can be shown by the application
form or web application. If you disable or do not configure this policy setting, the reveal password button can be shown by the application

ebsites can request data across domains by using the XDomainRequest object.
ebsites can request data across domains by using the XDomainRequest object.
the WebSocket object. If you disable or do not configure this policy setting, websites can request data across domains by using the WebSo
the WebSocket object. If you disable or do not configure this policy setting, websites can request data across domains by using the WebSo

process after the branding is complete for ISPs (IEAK). The user cannot change this behavior. If you do not configure this policy setting, the
bars. The user is not prompted, and incompatible toolbars run unless previously disabled through policy settings or user choice. If you disa
bars. The user is not prompted, and incompatible toolbars run unless previously disabled through policy settings or user choice. If you disa

prevents users from adding or removing toolbars from Internet Explorer.


cy or do not configure it, users can customize which buttons appear on the Internet Explorer and File Explorer toolbars. This policy can be u

mand buttons have only icons. If you disable or do not configure this policy setting, the command buttons show selective text by default, a
mand buttons have only icons. If you disable or do not configure this policy setting, the command buttons show selective text by default, a

s all other internal security checks. If you disable or do not configure this policy setting, the ActiveX Opt-In prompt appears.
s all other internal security checks. If you disable or do not configure this policy setting, the ActiveX Opt-In prompt appears.

onfigure this policy setting, the user can turn on and turn off the Suggested Sites feature.
onfigure this policy setting, the user can turn on and turn off the Suggested Sites feature.

rowsing session. If you do not configure this policy setting, it can be configured on the Privacy tab in Internet Options.
rowsing session. If you do not configure this policy setting, it can be configured on the Privacy tab in Internet Options.
ction can be turned on or off on the Privacy tab in Internet Options.
ction can be turned on or off on the Privacy tab in Internet Options.
sable or do not configure this policy setting, the user can establish the InPrivate Filtering threshold by clicking the Safety button and then c
sable or do not configure this policy setting, the user can establish the InPrivate Filtering threshold by clicking the Safety button and then c
vailable for use. If you do not configure this policy setting, it can be configured through the registry.
vailable for use. If you do not configure this policy setting, it can be configured through the registry.
disable or do not configure this policy setting, the user can establish the Tracking Protection threshold by clicking the Safety button and the
disable or do not configure this policy setting, the user can establish the Tracking Protection threshold by clicking the Safety button and the
ction is available for use. If you do not configure this policy setting, it can be configured through the registry.
ction is available for use. If you do not configure this policy setting, it can be configured through the registry.

Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common
Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common

disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intra
disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intra

ttings dialog box. If you do not configure this policy setting, the Microsoft-provided website lists are not active. The user can activate the fea
ttings dialog box. If you do not configure this policy setting, the Microsoft-provided website lists are not active. The user can activate the fea

get any reports. If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run website
get any reports. If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run website
sites using Standards mode.
sites using Standards mode.
ns all sites based on the currently active browser. Note: If you've also enabled the Administrative Templates\Windows Components\Micro
ns all sites based on the currently active browser. Note: If you've also enabled the Administrative Templates\Windows Components\Micro

e this policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website
e this policy setting, websites will be able to store an indexed database on client computers. Allow website database and caches on Website
icy setting, you provide the cache limit, in MB. The default is 500 MB. If you enable this policy setting, Internet Explorer will allow trusted d
icy setting, you provide the cache limit, in MB. The default is 500 MB. If you enable this policy setting, Internet Explorer will allow trusted d
f you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases.
f you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all indexed databases.
policy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Se
policy setting, websites will be able to store application caches on client computers. Allow website database and caches on Website Data Se
this policy setting, you provide the cache limit, in MB. The default is 50 MB. If you enable this policy setting, Internet Explorer will allow tru
this policy setting, you provide the cache limit, in MB. The default is 50 MB. If you enable this policy setting, Internet Explorer will allow tru
isable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The de
isable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all application caches. The de
default application cache expiration time limit for all application caches. The default is 30 days.
default application cache expiration time limit for all application caches. The default is 30 days.
g, Internet Explorer will allow the creation of application caches whose manifest file contains the number of resources, including the page t
g, Internet Explorer will allow the creation of application caches whose manifest file contains the number of resources, including the page t
st file entries are less than or equal to the size set in this policy setting. If you disable or do not configure this policy setting, Internet Explor
st file entries are less than or equal to the size set in this policy setting. If you disable or do not configure this policy setting, Internet Explor
rts a new browsing session with the home page. Users cannot change this option to start with the tabs from the last browsing session. If y
rts a new browsing session with the home page. Users cannot change this option to start with the tabs from the last browsing session. If y

the selected zones. The decimal representation of this number is used to represent this number in policy. For example: • 2 - Intranet site
the selected zones. The decimal representation of this number is used to represent this number in policy. For example: • 2 - Intranet site
y Toolkit, Add one domain per line to the text box. For example: microsoft.sharepoint.com outlook.com onedrive.com timecard.contoso.
y Toolkit, Add one domain per line to the text box. For example: microsoft.sharepoint.com outlook.com onedrive.com timecard.contoso.
policy, Tablet PC users can report handwriting recognition errors to Microsoft. If you do not configure this policy Tablet PC users can repor
policy, Tablet PC users can report handwriting recognition errors to Microsoft. If you do not configure this policy Tablet PC users can repor

the domain controller does not provide information about previous logons unless the "Display information about previous logons during u
cy setting, the KDC will not search the listed forests to resolve the SPN. If the KDC is unable to resolve the SPN because the name is not fou
he domain. If you disable or do not configure this policy setting, the domain controller does not support claims, compound authentication
. This value should be set to the same value as the Kerberos policy "Set maximum Kerberos SSPI context token buffer size" or the smallest M
applied to all domain controllers to ensure consistent application of this policy in the domain. If you disable or do not configure this policy
reshness Extension will get the fresh public key identity SID. Required: PKInit Freshness Extension is required for successful authentication.
ealm name. In the Value column, type the list of DNS host names and DNS suffixes using the appropriate syntax format. To remove a mapp
box in the Value Name column, type the interoperable Kerberos V5 realm name. In the Value column, type the realm flags and host names
es that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a dom
is unable to resolve the SPN because the name is not found, NTLM authentication might be used.
es different from LocalSystem or NetworkService might fail to authenticate. If you disable or do not configure this policy setting, any servic
w Contents dialog box in the Value Name column, type a DNS suffix name. In the Value column, type the list of proxy servers using the app
he revocation check for the SSL certificate. The connection to the KDC proxy server is not established if the revocation check fails.
e (AS) and ticket-granting service (TGS) message exchanges with the domain controllers. Note: The Kerberos Group Policy "Kerberos client
nt will be configured for compound authentication by the following options: Never: Compound authentication is never provided for this co
ocally allowed maximum value, whichever is smaller. If you disable or do not configure this policy setting, the Kerberos client or server use
disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounde
es that support compound authentication always send a compound authentication request. If you disable or do not configure this policy se
mputer account authentication using certificates then authentication with password will be attempted. Force: Device will always authentica
main members but you do not want to enable BranchCache on all file servers, you can specify Not Configured for this domain Group Policy
e, if you enable support for V1 hashes, BranchCache generates only V1 hashes and client computers can retrieve only V1 hashes. Policy con
x, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites
es will not take effect until you restart Windows.
, one cipher suite per line, in order from most to least preferred, with the most preferred cipher suite at the top. Remove any cipher suites
ttached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by
led shares. Note: Microsoft does not recommend enabling this group policy. Use of CA with Offline Files will lead to very long transition tim
ened through CA shares. Note: This policy has no effect when connecting Scale-out File Server shares provided by a Windows Server. Micr
e service is stopped or disabled, diagnostic scenarios are not executed. Note: The DPS can be configured with the Services snap-in to the M
nnected to a managed network. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "A
ain" option to allow the Responder to operate on a network interface that's connected to a managed network. On the other hand, if a netw

configure this policy setting, Windows Vista adds any customized run list configured to its run list. This policy setting appears in the Compu
configure this policy setting, Windows Vista adds any customized run list configured to its run list. This policy setting appears in the Compu
ter Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes
ter Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes

s only to Windows 2000 Professional. It does not affect the ""Configure Your Server on a Windows 2000 Server"" screen on Windows 2000
nless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file. If you disable or do not configur
nless the file is located in the %Systemroot% directory, you must specify the fully qualified path to the file. If you disable or do not configur
becomes available. Note that because this is a background refresh, extensions such as Software Installation and Folder Redirection take tw

s only to Windows 2000 Professional. It does not affect the ""Configure Your Server on a Windows 2000 Server"" screen on Windows 2000
e Boot/Shutdown/Logon/Logoff status messages"" policy setting is enabled.

e sign-in animation. If you disable this policy setting, users will not see the animation and Microsoft account users will not see the opt-in p

s setting, employees can see the Address bar drop-down functionality in Microsoft Edge. If you disable this setting, employees won't see t
s setting, employees can see the Address bar drop-down functionality in Microsoft Edge. If you disable this setting, employees won't see t
forms while using Microsoft Edge.
forms while using Microsoft Edge.
k requests to websites asking for tracking info.
k requests to websites asking for tracking info.

ettings. If you disable this setting, users can't add search engines or change the default used in the address bar.
ettings. If you disable this setting, users can't add search engines or change the default used in the address bar.
r in the Address bar of Microsoft Edge.
r in the Address bar of Microsoft Edge.
configure this setting, employees can choose whether to use Windows Defender SmartScreen.
configure this setting, employees can choose whether to use Windows Defender SmartScreen.

adding a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creati
adding a link to your OpenSearch XML file, including at least the short name and https: URL of the search engine. For more info about creati
ach additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search
ach additional engine, you must also add a link to your OpenSearch XML file, including at least the short name and https: URL of the search
etting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable o
etting. Enabling both settings stops employees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable o
ce compatibility problems while using legacy apps.
ce compatibility problems while using legacy apps.

honored for both domain- and non-domain-joined machines, when it's the only configured URL. If you disable or don't configure this settin
honored for both domain- and non-domain-joined machines, when it's the only configured URL. If you disable or don't configure this settin
art pages" setting, which means that users can modify them. If you disable or don't configure this setting, users can't change any Start pag
art pages" setting, which means that users can modify them. If you disable or don't configure this setting, users can't change any Start pag
loyees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting (default), e
loyees from syncing their favorites between Internet Explorer and Microsoft Edge. If you disable or don't configure this setting (default), e
e Tile to the Start menu.
e Tile to the Start menu.

y List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though it’s in whatever version of IE is
y List prompts the employee to use Internet Explorer 11, where the site is automatically rendered as though it’s in whatever version of IE is
those on the Administrative Tools menu in Windows 2000 Server family or Windows Server 2003 family. However, users cannot open a blan
setting or do not configure it, all snap-ins are permitted, except those that you explicitly prohibit. Use this setting if you plan to permit use
his setting is not configured (or disabled), this snap-in is prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is disabl
his setting is not configured (or disabled), this snap-in is prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is disabl
his setting is not configured (or disabled), this snap-in is prohibited. -- If "Restrict users to the explicitly permitted list of snap-ins" is disabl
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
e "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this tab is displayed. -- If "Restrict users to the exp
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
g is not configured, the setting of the "Restrict users to the explicitly permitted list of snap-ins" setting determines whether this snap-in is p
rs will be able to customize their system settings for presentations in Windows Mobility Center. If you do not configure this policy setting, W
rs will be able to customize their system settings for presentations in Windows Mobility Center. If you do not configure this policy setting, W
sers or in apps that use OAuth.

be applied to Automatic Maintenance.


policy setting, the wake setting as specified in Security and Maintenance/Automatic Maintenance Control Panel will apply.
if the diagnostics-wide scenario execution policy is not configured. No reboots or service restarts are required for this policy setting to tak
DT prompts the user to download additional tools to diagnose problems on remote computers only. If you enable this policy setting for loc
rovider. If you do not configure this policy setting, MSDT support mode is enabled by default. No reboots or service restarts are required f
tion is determined and will suggest the application that should be re-installed. This behavior is recommended for headless operation and is
hat run in the user's security context. Also, see the "Remove browse dialog box for new source" policy setting. If you disable or do not confi
u disable or do not configure this policy setting, by default, users can install programs from removable media only when the installation run
ng installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs. This policy s
not have permission to view or change, including directories on highly restricted computers. If you disable or do not configure this policy se
not have permission to view or change, including directories on highly restricted computers. If you disable or do not configure this policy se
-- The "Restart Manager Off" option turns off Restart Manager for file in use detection and the legacy file in use behavior is used. -- The "R
onfigure this policy setting, the Browse button is enabled when an installation is running in the user's security context. But only system adm
f so, the patch will be applied using a minimal set of processing.
e the MsiLogging property. -- The "Logging via package settings off" option turns off the automatic logging behavior when specified via the
rity context, but only system administrators can use removable media when an installation is running with elevated system privileges, such
l, Windows XP Professional and Windows Vista when the policy is not configured. -- The "For non-managed applications only" option per
by default, users who are not system administrators cannot apply patches to installations that run with elevated system privileges, such as t
setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interr
setting is designed to reduce the amount of temporary disk space required to install programs. Also, it prevents malicious users from interr
ng the directory to which files are installed. If Windows Installer detects that an installation package has permitted the user to change a pr
ministrative privileges can install non-administrator updates.
r applicable to the product. If you disable or do not configure this policy setting, a user can remove an update from the computer only if th
tore checkpoint each time an application is installed, so that users can restore their computer to the state it was in before installing the app
enable this policy setting and "Hide User Installs" is selected, the installer ignores per-user applications. This causes a per-computer install
appears as a new component. (2) Add a new feature to the top or middle of an existing feature tree. The new feature must be added as a
o 0, the Windows Installer will stop populating the baseline cache for new updates. The existing cached files will remain on disk and will be
f you disable or do not configure this policy setting, Windows Installer logs the default event types, represented by the letters "iweap."
e programs to their employees. However, because this policy setting can pose a security risk, it should be applied cautiously.
sents media; -- "u" represents URL, or the Internet. To exclude a file source, omit or delete the letter representing that source type.
omputer or be connected to the original or identical media to reinstall, remove, or repair the installation. This policy setting is designed for

does not remove the existing IPsec tunnels and users can still access intranet resources across the DirectAccess server by specifying IPv6 ad

ead of IPv6 addresses wherever possible. Important At least one of the entries must be a PING: resource. -A Uniform Resource Locator (U
el. You should configure one endpoint for each tunnel. Each entry consists of the text PING: followed by the IPv6 address of an IPsec tunn
rd with the PDC emulator if the DC fails to validate the password. If you disable this policy setting, the DCs will not attempt to verify any pa
an the value specified in the NegativeCachePeriod subkey, the value in the NegativeCachePeriod subkey is used. Warning: If the value for t
aximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. If the value for this setting is s
retry interval policy setting is used. The default value for this setting is to not quit retrying (0). The maximum value for this setting is 49 da
ways refresh (0).
ccurs as described above. If you disable this policy setting or do not configure it, the default behavior occurs as described above.

or occurs as indicated above.


attempt to find any DCs that were initially unavailable. If the value for this setting is too small, clients will attempt to find DCs even when no
e share when exclusive access is requested and the caller has only read permission. By default, the Netlogon share will grant shared read a
reated as infinity is 49 days (49*24*60*60=4233600). Any larger value will be treated as infinity. The minimum value for this setting is to alw
rom a trusted domain by an expensive (e.g., ISDN) line, this parameter might be adjusted upward to avoid frequent automatic discovery of
ers, and computers use their local configuration.
n exclusive access is requested and the caller has only read permission. By default, the SYSVOL share will grant shared read access to files o
ain controller hosting an Active Directory domain specified with a single-label name using DNS name resolution. If you disable this policy se
gleLabelDnsDomain policy setting is enabled. If you enable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled,
same domain, or no Global Catalog for the same forest, exists. If you disable this policy setting, the DCs will not register site-specific DC Lo
._tcp.<SiteName>._sites.<DnsDomainName> Pdc SRV _ldap._tcp.pdc._msdcs.<DnsDomainName> Gc SRV _ldap._tcp.gc.
tative DNS servers are configured to perform scavenging of the stale records, this reregistration is required to instruct the DNS servers confi

d to locate the GC. An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Dire
DC Locator DNS SRV resource records, click Enabled, and then enter a value. The range of values is from 0 to 65535. If you do not configur
t randomly selects the target host to be contacted is proportional to the Weight field value in the SRV record. To specify the Weight in the
cator DNS records and the site-specific SRV records are dynamically registered by the Net Logon service, and they are used to locate the ap
ectory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To
cords. If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
t be several site-hops away, could be returned by DC Locator. Site proximity between two sites is determined by the total site-link cost betw
isting clients will only discover it when a Force Rediscovery is carried out by DC Locator. To adapt to changes in network conditions DC Loca
4/IPv6 DC address. But if some applications are broken due to the returned IPv6 DC address, this policy can be used to disable the default b
will not be able to establish a connection to this domain controller. If you enable this policy setting, Net Logon will allow the negotiation
k surface on a DC, and can be used in an environment without WINS, in an IPv6-only environment, and whenever DC location based on a N
a hub-site client to discover a branch-site DC even if the branch-site DC only registers site-specific DNS records (as recommended). For thes
s setting result in the following behaviors: 0 - DCs will never perform address lookups. 1 - DCs will perform an exhaustive address lookup t
frequency. Enabling this setting may result in additional network traffic and increased load on DCs. You should disable this setting once al
s for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you di
nections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 com
ators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable this settin
or more network segements together. This connection appears in the Network Connections folder. If you disable this setting or do not con
trators on post-Windows 2000 computers. If you disable this setting or do not configure it, the Properties dialog box for a connection inclu
ou disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) c
his setting will not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not configure it, all users can
s settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from
tion on how the problem can be resolved. If you enable this policy setting, this condition will not be reported as an error to the user. If you
"Enable Network Connections settings for Administrators" setting. Important: If the "Enable Network Connections settings for Administra
e menu items are disabled for all users (including administrators). Important: If the "Enable Network Connections settings for Administrato
s settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
setting will not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not configure it, the Make New
connected to when the setting was refreshed, this setting does not apply. The Internet Connection Firewall is a stateful packet filter for hom
n any user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File m
dministrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers. If you disable
you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users.
tting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and no us
nly. If you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access conne
tors). Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply t
to Administrators. Note: When the "Ability to rename LAN connections or remote access connections available to all users" setting is config
or Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disab
The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is
ntext menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon

puter running DirectAccess and the Internet is routed through the internal network. If you disable this policy setting, traffic between remo
fault, any proxies configured with this setting are merged with proxies that are auto-discovered. To make this policy configuration the sole l
them as Internet nodes. This setting should NOT be used to configure Internet proxies. Example: [3efe:3022::1000]; 18.0.0.1; 18.0.0.2 F
red with this policy setting are merged with the hosts that are declared as private through automatic discovery. To ensure that these addre
your proxy server addresses. For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
mpts to automatically discover your private network hosts in the domain corporate environment. For more information see: http://go.mic
roxy server (on Port 80). A proxy server used for this purpose must also be configured using the Intranet proxy servers for apps policy. Exam

ronized. If you disable this setting or do not configure it, the system asks users whether they want subfolders to be made available offline w
files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are m
files or folders made always available offline (including those inherited from lower precedence GPOs) is deleted and no files or folders are m
etting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setti
etting appears in the Computer Configuration and User Configuration folders. If both settings are configured for a particular server, the setti
vailable for files that user's make available offline manually. If you enable this setting, you can specify an automatic-cache disk space limit.
er, unless changed by the user. Note: Changes to this policy setting do not take effect until the affected computer is restarted.
t Offline Files through the user interface. If you disable this policy setting, all files in the Offline Files cache are unencrypted. This includes e
des the events in all preceding levels. "0" records an error when the offline storage cache is corrupted. "1" also records an event when the
des the events in all preceding levels. "0" records an error when the offline storage cache is corrupted. "1" also records an event when the
ffline." This setting is designed to protect files that cannot be separated, such as database components. To use this setting, type the file na
ssible. -- "Never go offline" indicates that network files are not available while the server is inaccessible. If you disable this setting or sele
ssible. -- "Never go offline" indicates that network files are not available while the server is inaccessible. If you disable this setting or sele
s Explorer, to view their offline files. This setting appears in the Computer Configuration and User Configuration folders. If both settings are
s Explorer, to view their offline files. This setting appears in the Computer Configuration and User Configuration folders. If both settings are
older. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Com
older. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Com
n and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence. The
n and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence. The
is deleted, including any lists inherited from lower precedence GPOs, and the "Make Available Offline" command is displayed for all files an
is deleted, including any lists inherited from lower precedence GPOs, and the "Make Available Offline" command is displayed for all files an
m hiding them. If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can chan
m hiding them. If this setting is not configured, reminder balloons are displayed by default when you enable offline files, but users can chan
the last synchronization are lost.
terval. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Co
terval. This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Co
f both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
f both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
nfigured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
nfigured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
s disabled or not configured, the default threshold value of 64,000 bps is used to determine if a network connection is considered to be slo
omplete, but does not ensure that they are current. If you do not configure this setting, the system performs a quick synchronization by de
omplete, but does not ensure that they are current. If you do not configure this setting, the system performs a quick synchronization by de
abled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synch
abled and Synchronization Manager is configured for logon synchronization, the system performs only a quick synchronization. Quick synch
te: If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on t
te: If the computer is suspended by closing the display on a portable computer, files are not synchronized. If multiple users are logged on t

throughput between the client and the server is below (slower than) the Throughput threshold parameter, or if the round-trip network late
trols it. If you enable this policy setting, you can specify the disk space limit (in megabytes) for offline files and also specify how much of th
lockout Start Time' and 'Blockout Duration' to set a period of time where background sync is disabled. Use the 'Maximum Allowed Time W
the server, and the most current version from the server is always available for subsequent reads. This policy setting is triggered by the con

near, or over the plan's data limit. The network folder must also be in "slow-link" mode, as specified by the "Configure slow-link mode" pol

ootstrapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking scenar
PNRP creates a global cloud if the computer has a global IPv6 address, but creates a site-local cloud if the computer has a site-local addres
disable or do not configure this policy setting, this computer can publish PNRP names and help other computers perform PNRP lookups.
t home as well. Here are the four ways in which you can use this setting to control the seed server used in your corporation. 1. In order to
bootstrapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking sce
PNRP creates a global cloud if the computer has a global IPv6 address, but creates a site-local cloud if the computer has a site-local addres
disable or do not configure this policy setting, this computer can publish PNRP names and help other computers perform PNRP lookups.
etting and you don’t enter any address, no seed server will be used. If this setting is not configured, the protocol will revert to using a publ
bootstrapping. Specifying this registry key will break scenarios where there is no seed server for bootstrap (such as ad hoc networking sce
PNRP creates a global cloud if the computer has a global IPv6 address, but creates a site-local cloud if the computer has a site-local addres
disable or do not configure this policy setting, this computer can publish PNRP names and help other computers perform PNRP lookups.
ou enable this setting and you don’t enter any address, no seed server will be used. If this setting is not configured, the protocol will revert
the validation will be performed.
a convenience credential that encrypts their domain password.
a convenience credential that encrypts their domain password.
ws Hello for Business using software if the TPM is non-functional or unavailable.
Directory. If you enable this policy setting, Windows Hello for Business uses the PIN recovery service. If you disable or do not configure thi
e this policy setting, phone sign-in will be disabled, preventing the use of a phone as a companion device for desktop authentication.
to 4. NOTE: If the above specified conditions for the minimum PIN length are not met, default values will be used for both the maximum a
NOTE: If the above specified conditions for the maximum PIN length are not met, default values will be used for both the maximum and min

ng requires the environment to have one or more Windows Server 2016 domain controllers to prevent Windows Hello for Business authen
ng requires the environment to have one or more Windows Server 2016 domain controllers to prevent Windows Hello for Business authen
tinue to unlock with existing unlock options. For more information see: https://go.microsoft.com/fwlink/?linkid=849684

ness credentials at the time of creation. Credentials created before the application of this policy continue to provide smart card emulation.
me device. This policy setting is designed for a single user who has enrolled privileged and non-privileged on a single device. The user own
s not detect compatibility issues for applications and drivers. If you do not configure this policy setting, the PCA is configured to detect fail

BranchCache settings are not applied to client computers by this policy. In the circumstance where client computers are domain members
t applied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to confi
upload the content to the hosted cache server for access by other hosted cache clients at the branch office. Policy configuration Select on
n Select one of the following: - Not Configured. With this selection, BranchCache settings are not applied to client computers by this polic
not cache content until the network latency reaches the specified value; when network latency is greater than the value, clients begin cachi
chCache configuration by other group policies. If you enable this policy setting in addition to the "Turn on BranchCache" policy setting, Bra
owing versions." If you do not configure this setting, all clients will use the version of BranchCache that matches their operating system. P
ted cache servers in the branch office. If you enable this policy setting and specify valid computer names of hosted cache servers, hosted c
ient computers are domain members but you do not want to configure a BranchCache client computer cache age setting on all client comp

n, the DPS will detect Windows Boot Performance problems and indicate to the user that assisted resolution is available. If you disable this
eshooting and resolution, the DPS will detect Windows Standby/Resume Performance problems and indicate to the user that assisted reso
resolution, the DPS will detect Windows System Responsiveness problems and indicate to the user that assisted resolution is available. If
d resolution, the DPS will detect Windows Shutdown Performance problems and indicate to the user that assisted resolution is available. If

figure this policy setting, users can control this setting.


ers can see and change this setting.

bling lock screen slide show" policy setting can be used to disable the slide show feature.

screen slide show" policy setting can be used to disable the slide show feature.

bling lock screen slide show" policy setting can be used to disable the slide show feature.

screen slide show" policy setting can be used to disable the slide show feature.

w" policy setting can be used to disable the slide show feature.
w" policy setting can be used to disable the slide show feature.

ystemShutdown(). If you enable this policy setting, the computer system safely shuts down and remains in a powered state, ready for pow

has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The
has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The

olicy setting allows all scripts to run. If you disable this policy setting, no scripts are allowed to run. Note: This policy setting exists under bo
olicy setting allows all scripts to run. If you disable this policy setting, no scripts are allowed to run. Note: This policy setting exists under bo
dule is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the Lo
dule is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the Lo
e and time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session. If you disa
e and time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session. If you disa
ock, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs. Note: This policy setting exists
ock, function, or script starts or stops. Enabling Invocation Logging generates a high volume of event logs. Note: This policy setting exists
Help cmdlet. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Co
Help cmdlet. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Co
e the file from the backup media. If you do not configure this policy setting, it is disabled by default. The Restore button is active when the
e the file from the backup media. If you do not configure this policy setting, it is disabled by default. The Restore button is active when the

nfigure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.
nfigure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a local file.

hare. If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file
hare. If you do not configure this policy setting, it is disabled by default. The Restore button is active when the previous version is of a file
ersions corresponding to on-disk restore points. If you do not configure this policy setting, it is disabled by default.
ersions corresponding to on-disk restore points. If you do not configure this policy setting, it is disabled by default.
de of Internet printing only. It does not prevent the print client on the computer from printing across the Internet. Also, see the "Custom su
ble or do not configure this policy setting, then applications that are configured to support driver isolation will be isolated. If you disable th
es links only appear in the Printers folder when Web view is enabled. If Web view is disabled, the setting has no effect. (To enable Web view
b Services printers: 0 Bluetooth printers: 10 Shared printers: 0 In order to view available Web Services printers on your network, ensure th
box, then Add Printer Wizard displays the list of shared printers on the network and invites to choose a printer from the shown list. If you d
e client itself will process print jobs into printer device commands. These commands will then be sent to the print server, and the server w

ser and navigates to the specified URL address to display the available printers. This setting makes it easy for users to find the printers you
n of kernel-mode printer drivers will be blocked. If you enable this setting, installation of a printer using a kernel-mode driver will not be all
ot prevent users from using the Add Hardware Wizard to add a printer. Nor does it prevent users from running other programs to add print

printers: 50 If you would like to not display printers of a certain type, enable this policy and set the number of printers to display to 0. In W

pts that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server. If th

pts that are blocked by this policy. Administrators may need to set both policies to block all print connections to a specific print server. If th
e the location of the user's computer. When users search for printers, the system uses the specified location (and other search criteria) to fi
the printer's location or location naming scheme. Enabling Location Tracking adds a Browse button in the Add Printer wizard's Printer Name
able on the client, no connection will be made. -You can configure Windows Vista clients so that security warnings and elevated command
able on the client, no connection will be made. -You can configure Windows Vista clients so that security warnings and elevated command

o browse master servers only when Active Directory is not available. Note: A client license is used each time a client computer announces
r driver policy settings may alter the process in which a print driver is executed. -This policy setting applies only to print drivers loaded by t
Other system or driver policy settings may alter the process in which a print driver is executed. -This policy setting applies only to print driv
tible driver, then the Point and Print connection will fail. This policy setting is not configured by default, and the behavior depends on the
published" setting is disabled.
ts. Computers running Windows 2000 Professional detect and republish deleted printer objects when they rejoin the network. However, be
mpts before deleting printers from Active Directory. If you enable this setting, you can change the interval between contact attempts. If yo
u can adjust the priority to improve the performance of this service. Note: This setting is used only on domain controllers.
cts the computer has published. By default, the pruning service contacts computers every eight hours and allows two retries before deletin
he default value is two retries. The "Directory Pruning Interval" setting determines the time interval between retries; the default value is ev

verification interval.
omputer does not respond. If you disable this setting, the domain controller does not prune this computer's printers. This setting is designe
rams Control Panel in Category View and Programs and Features in Classic View will be available to all users. When enabled, this setting ta

thods to install or uninstall programs.


is available to all users. This setting does not prevent users from using other tools and methods to change program access or defaults. Thi
ows Marketplace" task link will be available to all users. Note: If the "Hide Programs control Panel" setting is enabled, this setting is ignored
ndows Installer. Typically, system administrators publish programs to notify users of their availability, to recommend their use, or to enable
program components.

P value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that networ
). Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when
nt: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring
30). Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored wh
CP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that netw
he DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring that
. Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when
t: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring
f 0. Important: If the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored whe
the DSCP value for this service type is specified in the registry for a particular network adapter, this setting is ignored when configuring tha
gure it, then the setting has no effect on the system. Important: If the maximum number of outstanding packets is specified in the registry
s the default value of 80 percent of the connection. Important: If a bandwidth limit is set for a particular network adapter in the registry, t
a particular network adapter, then this setting is ignored when configuring that network adapter.
k adapter, this setting is ignored when configuring that network adapter.
articular network adapter, this setting is ignored when configuring that network adapter.
twork adapter, this setting is ignored when configuring that network adapter.
a particular network adapter, this setting is ignored when configuring that network adapter.
er, this setting is ignored when configuring that network adapter.
ork adapter, this setting is ignored when configuring that network adapter.
bility information, and WMI-capable applications will be unable to access reliability information from the listed providers.
oting and resolution, the DPS will detect Windows Resource Exhaustion problems and indicate to the user that assisted resolution is availab
ow the user to restore the computer to the original state or from a user-created system image. This is the default setting. If you disable this
o not configure this policy setting, the Persistent System Timestamp is refreshed according the default, which is every 60 seconds beginnin

System State Data feature occurs. Note: By default, the System State Data feature is always enabled on Windows Server 2003. See "Suppor
s displayed when you shut down a computer running Windows Server. (See "Supported on" for supported versions.) If you enable this pol
s policy setting, computers running this version and a previous version of the operating system can connect to this computer. If you do not
Vista) -No full window drag -Turn off background If you enable this policy setting, bandwidth optimization occurs at the level specified. I
novice. If you disable this policy setting, the user sees the default warning message. If you do not configure this policy setting, the user se
ging programs to allow connections to this computer. If you do not configure this policy setting, users can turn on or turn off Solicited (Ask
eir corporate technical support staff using Offer (Unsolicited) Remote Assistance. If you enable this policy setting, you have two ways to all

Encryption\Removable Data Drives."


Encryption\Removable Data Drives."

f you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication informatio
an error condition. If you do not configure this policy setting, it remains disabled. It will only generate a status code to indicate an error c
and will encounter RPC_S_SEC_PKG_ERROR when connecting to a server that uses constrained delegation. If you disable this policy settin
applicable when the RPC Client, the RPC Server and the RPC HTTP Proxy are all running Windows Server 2003 family/Windows XP SP1 or h
cy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versi
systems maintain RPC state information. -- "None" indicates that the system does not maintain any RPC state information. Note: Because
or the set of scripts to finish. To direct the system to wait until the scripts have finished, no matter how long they take, type 0. This interva
not configure this policy setting, Windows 2000 displays login scripts written for Windows NT 4.0 and earlier. Also, see the "Run Logon Scrip
nd can run simultaneously. This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set
nd can run simultaneously. This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set

A, GPO B, and GPO C). This policy setting is enabled in GPO A. GPO B and GPO C include the following computer startup scripts: GPO B: B.
enabled in GPO A. GPO B and GPO C include the following user logon scripts: GPO B: B.cmd, B.ps1 GPO C: C.cmd, C.ps1 Assume also tha
enabled in GPO A. GPO B and GPO C include the following user logon scripts: GPO B: B.cmd, B.ps1 GPO C: C.cmd, C.ps1 Assume also tha

with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, whether the ""Run
. Note: Starting with Windows Vista operating system, scripts that are configured to run asynchronously are no longer visible on startup, w
S or WINS is disabled, and the DNS suffixes are not configured.

ility to launch standalone troubleshooting packs such as those found in .diagcab files.
g content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. If you disable this polic
y setting, Windows will not be able to detect, troubleshoot or resolve problems on a scheduled basis. If you do not configure this policy se

ontrol Panel setting is set to not index encrypted content. When this setting is enabled or disabled, the index is rebuilt completely. Full vo

words that differ only because of diacritics as the same word.


tion only when it can determine the language of a document with high confidence.

arch can perform queries on the web, and if the web results are displayed in Search.
ch. If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web over metered conne
nfo: Share usage information but don't share search history, Microsoft account info or specific location. If you disable or don't configure th

previously specified user locations will be visible.

th policies.
y. The default behavior for Search is to not index online delegate mailboxes. Disabling this policy will block any indexing of online delegate
nge server can support. If you set this policy to not configured, then online mail items will be indexed at the speed of 120 items per minute

f your intranet search service is Windows SharePoint Services (WSS), the query should resemble the following, where XXXX is the locale ID
tranet search service is SharePoint Portal Server, your query should resemble the following: http://sitename/Search.aspx?k=$w If your int
Desktop Search results, and your users can choose the location of the preview pane

xxxx-xxxx-xxxx-xxxxxxxxxxxx} (include the braces) or a ProgID such as VisFilter.CFilter.1. If you maintain a locked desktop environment, this
cify the file system path to be indexed under the "Computer Configuration" Group Policy. If you enable and then disable this policy setting

to be indexed under the "Computer Configuration" Group Policy.

e file system path to be indexed under the "Computer Configuration" Group Policy.
ed. If you want to specify an initial default list of excluded file types that users can change later, see the administration guide for informati

urity Center status section are displayed. Note that Security Center can only be turned off for computers that are joined to a Windows dom

rver 2008 R2) or “Do not start Server Manager automatically at logon” (Windows Server 2012) option is selected, the console is not display
and Windows Server 2008 R2), or the “Refresh the data shown in Server Manager every [x] [minutes/hours/days]” setting (in Windows Se
layed when an administrator logs on to the server. However, if an administrator selects the "Do not show this window at logon" option, the
ot displayed.
locations can be specified when each path is separated by a semicolon. The network location can be either a folder, or a WIM file. If it is a

configurable by the user.


onfigurable by the user.
rowser" group is on by default and configurable by the user.

ose to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC use
ose to share writing samples from the handwriting recognition personalization tool with Microsoft. If you disable this policy, Tablet PC use

SMB shares on folders. If you disable or don't configure this policy setting, users can share files out of their user profile after an administra
by default. You must restart the computer for this policy setting to take effect.
mputer uses logon, logoff, startup, or shutdown batch file scripts, or for users that use Remote Desktop Services.

es. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the c
Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting programs in the com
ps and features can work with OneDrive file storage.
. If you enable or disable this setting, do not return the setting to Not Configured. Doing so will not change the configuration and the last c
policy setting, apps and features can work with OneDrive file storage.

y setting, users with a connected account will save documents to OneDrive by default.
ll Purpose EKU - Certificates with a Client Authentication EKU If you disable or do not configure this policy setting, only certificates that co

are for the same user (determined by their UPN). If there are two or more of the "same" certificate on a smart card and this policy is ena
ior. If you enable this setting, then Windows will attempt to read all certificates from the smart card regardless of the feature set of the CS

or their time validity has expired. If you disable or do not configure this policy setting, certificates which are expired or not yet valid will no

e will be displayed. This setting controls the appearance of that subject name and might need to be adjusted per organization. If you enab

ot be displayed.
mart cards that have passed the Windows Hardware Quality Labs (WHQL) testing process.

as document signing, are not affected by this policy setting. Note: If you use an ECDSA key to log on, you must also have an associated ECD
h this feature enabled. If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following

configure this setting, employees can choose whether to use Windows Defender SmartScreen.
configure this setting, employees can choose whether to use Windows Defender SmartScreen.

ed network node that receives SNMP packets from the network. If you enable this policy setting, the SNMP agent only accepts requests fro
ble this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting. If yo
gent to notify management systems asynchronously. If you enable this policy setting, the SNMP service sends trap messages to the hosts w

on tab is displayed. If you disable or do not configure this policy setting, the Classification tab is hidden.
able for classification on the affected computers. If you disable or do not configure this policy setting, the Global Resource Property List in
ccess Denied message that doesn't provide any of the functionality controlled by this policy setting, regardless of the file server configuratio
n, the Recent Items menu and the Jump Lists appear just as it did when the user logged off. Note: The system saves document shortcuts in
play Logoff item to add and remove the Log Off item. This setting affects the Start menu only. It does not affect the Log Off item on the Win
Start menu slow to open.
ed menus require user tracking. If you enable the "Turn off user tracking" setting, the system disables user tracking and personalized menu
roperties. If you disable this setting or do not configure it, the user can configure the taskbar position. Note: Enabling this setting also lock
ng this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM pro
s area. If you disable this setting, the system notification area will always collapse notifications. If you do not configure it, the user can cho
able this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area.

not prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications.

ut you configured. Once the XML file is generated and moved to the desired file path, type the fully qualified path and name of the XML file
ut you configured. Once the XML file is generated and moved to the desired file path, type the fully qualified path and name of the XML file
hen you press CTRL+ALT+DELETE. If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep
hen you press CTRL+ALT+DELETE, and from the logon screen. If you disable or do not configure this policy setting, the Power button and th

tart menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu optio
events the user from using the F3 key. In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does n

from the Start Menu" and "Turn off personalized menus". This policy setting does not prevent users from pinning programs to the Start M
ove and disable setting" will remove the all apps list from Start and disable the "Show app list in Start menu" in Settings, so users cannot tu
sable or do not configure this policy setting, Network Connections is available from the Start Menu. Also, see the "Disable programs on Se

the Start Menu and Taskbar do not show lists of recently or frequently used files, folders, or websites. If you disable or do not configure th
the Start Menu, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu
he target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to fi
m then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an
oards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R. If you disabl
ou disable or do not configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are availab

do not configure this policy setting, the Default Programs link is available from the Start menu. Note: This policy setting does not prevent
ments icon is available from the Start menu. Also, see the "Remove Documents icon on the desktop" policy setting.

user-specific folders, not just those associated with redirected folders. If you enable this setting, no folders appear on the top section of th
andard desktop icons. If you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the S

g if they choose.
menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock. If this setting is disabled or is

shown in the user's taskbar. Note: Enabling this setting overrides the "Turn off notification area cleanup" setting, because if the notificatio

eep a user’s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates th

em. This policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears whe

skbar to issue the "Run as different user" command.

her displays by pressing the Start button on that display. Also, the user will be able to configure this setting.

. If you disable or do not configure this policy setting, users can change the System Restore settings through System Protection. Also, see t
If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through Syst
to complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this
to complete lists will appear next to Input Panel in applications where the functionality is available. Users will not be able to configure this
will not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel tab will appe
will not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel tab will appe
ure this setting in the Input Panel Options dialog box. If you disable this policy, Input Panel will appear next to any text entry area in applic
ure this setting in the Input Panel Options dialog box. If you disable this policy, Input Panel will appear next to any text entry area in applic
the Input Panel Options dialog box. If you disable this policy, Input Panel will appear next to text entry areas in applications where this be
the Input Panel Options dialog box. If you disable this policy, Input Panel will appear next to text entry areas in applications where this be
cuts. If you enable this policy and choose “Low” from the drop-down box, password security is set to “Low.” At this setting, all password se
cuts. If you enable this policy and choose “Low” from the drop-down box, password security is set to “Low.” At this setting, all password se
an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, rarely used Chinese, Kanji, and H
an on-screen keyboard to enter text, symbols, numbers, or keyboard shortcuts. If you enable this policy, rarely used Chinese, Kanji, and H
” from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the I
” from the drop-down menu, no scratch-out gestures will be available in Input Panel. Users will not be able to configure this setting in the I
ide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this pol
ide text prediction suggestions. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this pol
s policy is a subset of the Disable pen flicks policy. If you disable or do not configure this policy, all the features described above will be ava
s policy is a subset of the Disable pen flicks policy. If you disable or do not configure this policy, all the features described above will be ava

emote computers are not tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network con

and Security and Maintenance will be displayed on the taskbar. A reboot is required for this policy setting to take effect.

ese (Lunar) or Traditional Chinese (Lunar), regardless of the locale. If you disable this policy setting, users cannot show an additional calend
hat appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs. Important: This setti
hat appear on the Start menu and its submenus. Once a task is created, users cannot change the program a task runs. Important: This setti
, idle time and power management settings, and its security context. Beginning users will often not be interested or confused by having th
, idle time and power management settings, and its security context. Beginning users will often not be interested or confused by having th
eate new tasks, and it does not prevent users from deleting tasks. Note: This setting appears in the Computer Configuration and User Confi
eate new tasks, and it does not prevent users from deleting tasks. Note: This setting appears in the Computer Configuration and User Confi
nagement settings, and its security context. Note: This setting appears in the Computer Configuration and User Configuration folders. If bo
nagement settings, and its security context. Note: This setting appears in the Computer Configuration and User Configuration folders. If bo
ministrators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers.
ministrators of a computer from using At.exe to create new tasks or prevent administrators from submitting tasks from remote computers.
ng in User Configuration. Important: This setting does not prevent administrators of a computer from using At.exe to delete tasks.
ng in User Configuration. Important: This setting does not prevent administrators of a computer from using At.exe to delete tasks.
me is resolved successfully, the host will have ISATAP configured with a link-local address and an address for each prefix received from the

configure 6to4 with one of the following settings: Policy Default State: 6to4 is enabled if the host has only link-local IPv6 connectivity and

network that includes a domain controller. Enterprise Client: The Teredo interface is always present, even if the host is on a network that in

g in the Teredo client's NAT device, Teredo might stop working or connectivity might be intermittent. If you disable or do not configure this

PS interface is always present, even if the host has other connectivity options. Policy Disabled State: No IP-HTTPS interfaces are present on
If you disable this policy setting, Window Scaling Heuristics will be disabled and system will not try to identify connectivity and throughpu

n and the session time zone is the same as the server time zone. Note: Time zone redirection is possible only when connecting to at least a
op Services always allows Clipboard redirection. If you do not configure this policy setting, Clipboard redirection is not specified at the Grou
etting, Windows Vista displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see
des any initial program policy settings. If you disable or do not configure this policy setting, an initial program can be specified that runs on
perties sheet by using Server Manager. By default, only programs in the RemoteApp Programs list can be started when a user starts a Rem
ease the load on the remote computer. If you enable this policy setting, desktop composition will be allowed for remote desktop sessions.
directed to the RD Session Host server where their session exists. If you disable this policy setting, users who do not have an existing sessio

cted state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged o
cted state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged o
ont smoothing is allowed for remote connections. You can configure font smoothing on the Experience tab in Remote Desktop Connection
adapter must be configured for Remote Desktop IP Virtualization to work.

on, and multiple per user application installation requests are queued and handled by the msiexec process in the order in which they are r
do not configure this policy setting, Remote Desktop IP Virtualization is turned off.

esktop Connection.
nections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption m
on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password
rted by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is no
n, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialo
mplate will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate sel
w users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings o
, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they sele
using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this setting, eit
is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic recon
termined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the c
cy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level.
incoming connections. If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target
ces session. If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Re
by default to Remote Desktop Services sessions. If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services ses
etting, logging off the connected administrator is allowed. Note: The console session is also known as Session 0. Console access can be ob
tablished (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active. If you enable
erver in the following order: 1. Remote Desktop license servers that are published in Active Directory Domain Services. 2. Remote Deskto
e. If you enable this policy setting, these notifications will not be displayed on the RD Session Host server. If you disable or do not configur
nable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server. If you disa
rs allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Se
the Shut Down Windows dialog box. Note: This policy setting affects only the Shut Down Windows dialog box. It does not prevent users fro
red, Windows Security remains in the Settings menu.
ion Host servers. If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background
ith the session, without the user's consent. 4. View Session with user's permission: Allows the administrator to watch the session of a rem
ith the session, without the user's consent. 4. View Session with user's permission: Allows the administrator to watch the session of a rem
op Services. If you do not configure this policy setting, this policy setting is not specified at the Group Policy level.
er. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. T
er. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. T
tors are read-only. If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user s
This policy setting overrides any initial program policy settings. If you disable or do not configure this policy setting, an initial program can
hoose to keep the home directory on the local computer, type the Home Dir Root Path in the form "Drive:\Path" (without quotes), without
ervices uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account nam
mandatory user profiles are not used by users connecting remotely to the RD Session Host server. Note: For this policy setting to take effe
gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user pro
e server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint
erver 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. B
videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. By default, audio and video playback
d with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compre
ndows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or W
op Services always allows Clipboard redirection. If you do not configure this policy setting, Clipboard redirection is not specified at the Grou
policy setting, Remote Desktop Services always allows COM port redirection. If you do not configure this policy setting, COM port redirecti
st server automatically maps the client default printer and sets it as the default printer upon connection. If you do not configure this polic
er driver that matches the client printer, the client printer is not available for the Remote Desktop session. If you disable this policy setting,
er driver that matches the client printer, the client printer is not available for the Remote Desktop session. If you disable this policy setting,
d Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP. If you disable th
direction is always allowed. If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level.
p Connection to choose the supported Plug and Play devices to redirect to the remote computer. If you enable this policy setting, users can
able this policy setting, users can redirect print jobs with client printer mapping. If you do not configure this policy setting, client printer m
client's printer is not available. You can choose to change this default behavior. The available options are: "Do nothing if one is not found"
000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
session time zone is the same as the server time zone. Note: Time zone redirection is possible only when connecting to at least a Microsoft
te Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not re
olicy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name polic
ecify an existing farm name, the server joins that farm in RD Connection Broker. If you enable this policy setting, you must specify the nam
he RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by I
n Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated
gs Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy
gs Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy
By default, these disconnected sessions are maintained for an unlimited time on the server. If you enable this policy setting, disconnected s
By default, these disconnected sessions are maintained for an unlimited time on the server. If you enable this policy setting, disconnected s
move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. If you disable or do not con
move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. If you disable or do not con
lose programs. If you have a console session, active session time limits do not apply. If you disable or do not configure this policy setting, t
lose programs. If you have a console session, active session time limits do not apply. If you disable or do not configure this policy setting, t
orary folders are deleted when a user logs off, even if the server administrator specifies otherwise. If you do not configure this policy settin
sessionid. If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions o
les and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message tha
les and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message tha
hout specifying an .rdp file). If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certific
ent without specifying an .rdp file). If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid
mbprint field. If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. Notes: You can defin
mbprint field. If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. Note: You can define
etting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer an
If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Hos
icy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. Th
ble or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition."
width, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memor
n Host server will not use these advanced graphics. You may want to choose this option if you discover that applications published as Remo
e policy has to be set on the Hyper-V host machine. If you set the encoding option to “Attempt only for RemoteFX vGPU virtual machines”

ktop client will use hardware accelerated decoding if supported hardware is available.
s. You can select either Rich multimedia or Text. If you disable or do not configure this policy setting, Remote Desktop Services sessions are
ot available for RDP redirection by using any user account. For this change to take effect, you must restart Windows.
1. When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression s
compression that is performed). If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by s
that only support the Windows Server 2008 R2 SP1 RemoteFX Codec.If you disable or do not configure this policy setting, non-Windows th
specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change t
etwork Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. If you disable Conne
all of the RDP traffic will use TCP. If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering t

D Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions us

, touch input is on by default. Note: Changes to this setting will not take effect until the user logs off.
, touch input is on by default. Note: Changes to this setting will not take effect until the user logs off.
the user logs off.
the user logs off.
rative delegation blob plus the TPM user delegation blob, or none. If you enable this policy setting, Windows will store the TPM owner aut
tpm.msc" and navigate to the "Command Management" section. If you disable or do not configure this policy setting, only those TPM com
isible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.m
nds is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands. If you disab
end commands requiring authorization to the TPM. An authorization failure occurs each time a standard user sends a command to the TP
standard users can send commands requiring authorization to the TPM. An authorization failure occurs each time a standard user sends a
ows the speed standard users can send commands requiring authorization to the TPM. An authorization failure occurs each time a standar
licy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will re
ndent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
until the policy is disabled or until the TPM is in a Ready state.

eport settings package size.


eport settings package size.
d from this location. If you specify a UNC path and leave the option to replace the default Microsoft templates unchecked, the UE-V Agent
this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronizati
this policy setting, the user settings which are common between the versions of Internet Explorer are excluded from settings synchronizati
gure this policy setting, any defined values will be deleted.
gure this policy setting, any defined values will be deleted.
gure this policy setting, any defined values will be deleted.
gure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
be deleted.
be deleted.

ween the Microsoft Office Suite 2016 applications continue to synchronize. If you disable this policy setting, the user settings which are com
ween the Microsoft Office Suite 2016 applications continue to synchronize. If you disable this policy setting, the user settings which are com
u do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
figure this policy setting, any defined values will be deleted.
figure this policy setting, any defined values will be deleted.
nter user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will be dele
nter user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will be dele
hronization settings. If you do not configure this policy setting, any defined values will be deleted.
hronization settings. If you do not configure this policy setting, any defined values will be deleted.
ttings. If you do not configure this policy setting, any defined values will be deleted.
ttings. If you do not configure this policy setting, any defined values will be deleted.
. If you do not configure this policy setting, any defined values will be deleted.
. If you do not configure this policy setting, any defined values will be deleted.
onization settings. If you do not configure this policy setting, any defined values will be deleted.
onization settings. If you do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ettings. If you do not configure this policy setting, any defined values will be deleted.
ettings. If you do not configure this policy setting, any defined values will be deleted.
onfigure this policy setting, any defined values will be deleted.
onfigure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
lications will continue to be backed up. If you disable this policy setting, certain user settings which are common between the Microsoft O
lications will continue to be backed up. If you disable this policy setting, certain user settings which are common between the Microsoft O
gure this policy setting, any defined values will be deleted.
gure this policy setting, any defined values will be deleted.
s policy setting, any defined values will be deleted.
s policy setting, any defined values will be deleted.
olicy setting, any defined values will be deleted.
olicy setting, any defined values will be deleted.
do not configure this policy setting, any defined values will be deleted.
do not configure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
d up. If you do not configure this policy setting, any defined values will be deleted.
d up. If you do not configure this policy setting, any defined values will be deleted.
nfigure this policy setting, any defined values will be deleted.
nfigure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
policy setting, any defined values will be deleted.
policy setting, any defined values will be deleted.
his policy setting, any defined values will be deleted.
his policy setting, any defined values will be deleted.
ommon between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V. If you enable this polic
ommon between the Microsoft Office Suite 2016 applications from synchronization between computers with UE-V. If you enable this polic
UE-V. If you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V. If you disable this policy s
UE-V. If you enable this policy setting, Microsoft Office 365 Access 2016 user settings continue to sync with UE-V. If you disable this policy s
If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V. If you disable this policy setting
If you enable this policy setting, Microsoft Office 365 Excel 2016 user settings continue to sync with UE-V. If you disable this policy setting
you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V. If you disable this policy setting, M
you enable this policy setting, Microsoft Office 365 Lync 2016 user settings continue to sync with UE-V. If you disable this policy setting, M
s with UE-V. If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V. If you disable th
s with UE-V. If you enable this policy setting, Microsoft Office 365 OneNote 2016 user settings continue to sync with UE-V. If you disable th
ith UE-V. If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V. If you disable this p
ith UE-V. If you enable this policy setting, Microsoft Office 365 Outlook 2016 user settings continue to sync with UE-V. If you disable this p
mputers with UE-V. If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V. If you
mputers with UE-V. If you enable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings continue to sync with UE-V. If you
UE-V. If you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V. If you disable this policy
UE-V. If you enable this policy setting, Microsoft Office 365 Project 2016 user settings continue to sync with UE-V. If you disable this policy
rs with UE-V. If you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V. If you disable t
rs with UE-V. If you enable this policy setting, Microsoft Office 365 Publisher 2016 user settings continue to sync with UE-V. If you disable t
If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V. If you disable this policy setting,
If you enable this policy setting, Microsoft Office 365 Visio 2016 user settings continue to sync with UE-V. If you disable this policy setting,
V. If you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V. If you disable this policy settin
V. If you enable this policy setting, Microsoft Office 365 Word 2016 user settings continue to sync with UE-V. If you disable this policy settin
ween the Microsoft Office Suite 2013 applications continue to synchronize. If you disable this policy setting, the user settings which are com
ween the Microsoft Office Suite 2013 applications continue to synchronize. If you disable this policy setting, the user settings which are com
u do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
gs. If you do not configure this policy setting, any defined values will be deleted.
gs. If you do not configure this policy setting, any defined values will be deleted.
figure this policy setting, any defined values will be deleted.
figure this policy setting, any defined values will be deleted.
nter user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will be dele
nter user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will be dele
hronization settings. If you do not configure this policy setting, any defined values will be deleted.
hronization settings. If you do not configure this policy setting, any defined values will be deleted.
ttings. If you do not configure this policy setting, any defined values will be deleted.
ttings. If you do not configure this policy setting, any defined values will be deleted.
. If you do not configure this policy setting, any defined values will be deleted.
. If you do not configure this policy setting, any defined values will be deleted.
onization settings. If you do not configure this policy setting, any defined values will be deleted.
onization settings. If you do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ettings. If you do not configure this policy setting, any defined values will be deleted.
ettings. If you do not configure this policy setting, any defined values will be deleted.
3 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted
3 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted
onfigure this policy setting, any defined values will be deleted.
onfigure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
lications will continue to be backed up. If you disable this policy setting, certain user settings which are common between the Microsoft O
lications will continue to be backed up. If you disable this policy setting, certain user settings which are common between the Microsoft O
gure this policy setting, any defined values will be deleted.
gure this policy setting, any defined values will be deleted.
s policy setting, any defined values will be deleted.
s policy setting, any defined values will be deleted.
not configure this policy setting, any defined values will be deleted.
not configure this policy setting, any defined values will be deleted.
olicy setting, any defined values will be deleted.
olicy setting, any defined values will be deleted.
do not configure this policy setting, any defined values will be deleted.
do not configure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
d up. If you do not configure this policy setting, any defined values will be deleted.
d up. If you do not configure this policy setting, any defined values will be deleted.
nfigure this policy setting, any defined values will be deleted.
nfigure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
SharePoint Designer 2013 will not be backed up. If you do not configure this policy setting, any defined values will be deleted.
SharePoint Designer 2013 will not be backed up. If you do not configure this policy setting, any defined values will be deleted.
policy setting, any defined values will be deleted.
policy setting, any defined values will be deleted.
his policy setting, any defined values will be deleted.
his policy setting, any defined values will be deleted.
ommon between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V. If you enable this polic
ommon between the Microsoft Office Suite 2013 applications from synchronization between computers with UE-V. If you enable this polic
UE-V. If you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V. If you disable this policy s
UE-V. If you enable this policy setting, Microsoft Office 365 Access 2013 user settings continue to sync with UE-V. If you disable this policy s
If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V. If you disable this policy setting
If you enable this policy setting, Microsoft Office 365 Excel 2013 user settings continue to sync with UE-V. If you disable this policy setting
with UE-V. If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V. If you disable this
with UE-V. If you enable this policy setting, Microsoft Office 365 InfoPath 2013 user settings continue to sync with UE-V. If you disable this
you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V. If you disable this policy setting, M
you enable this policy setting, Microsoft Office 365 Lync 2013 user settings continue to sync with UE-V. If you disable this policy setting, M
s with UE-V. If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V. If you disable th
s with UE-V. If you enable this policy setting, Microsoft Office 365 OneNote 2013 user settings continue to sync with UE-V. If you disable th
ith UE-V. If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V. If you disable this p
ith UE-V. If you enable this policy setting, Microsoft Office 365 Outlook 2013 user settings continue to sync with UE-V. If you disable this p
mputers with UE-V. If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V. If you
mputers with UE-V. If you enable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings continue to sync with UE-V. If you
UE-V. If you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V. If you disable this policy
UE-V. If you enable this policy setting, Microsoft Office 365 Project 2013 user settings continue to sync with UE-V. If you disable this policy
rs with UE-V. If you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V. If you disable t
rs with UE-V. If you enable this policy setting, Microsoft Office 365 Publisher 2013 user settings continue to sync with UE-V. If you disable t
nchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings
nchronization between computers with UE-V. If you enable this policy setting, Microsoft Office 365 SharePoint Designer 2013 user settings
If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V. If you disable this policy setting,
If you enable this policy setting, Microsoft Office 365 Visio 2013 user settings continue to sync with UE-V. If you disable this policy setting,
V. If you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V. If you disable this policy settin
V. If you enable this policy setting, Microsoft Office 365 Word 2013 user settings continue to sync with UE-V. If you disable this policy settin
ween the Microsoft Office Suite 2010 applications continue to synchronize. If you disable this policy setting, the user settings which are com
ween the Microsoft Office Suite 2010 applications continue to synchronize. If you disable this policy setting, the user settings which are com
u do not configure this policy setting, any defined values will be deleted.
u do not configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
configure this policy setting, any defined values will be deleted.
gs. If you do not configure this policy setting, any defined values will be deleted.
gs. If you do not configure this policy setting, any defined values will be deleted.
ttings. If you do not configure this policy setting, any defined values will be deleted.
ttings. If you do not configure this policy setting, any defined values will be deleted.
figure this policy setting, any defined values will be deleted.
figure this policy setting, any defined values will be deleted.
. If you do not configure this policy setting, any defined values will be deleted.
. If you do not configure this policy setting, any defined values will be deleted.
onization settings. If you do not configure this policy setting, any defined values will be deleted.
onization settings. If you do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ou do not configure this policy setting, any defined values will be deleted.
ettings. If you do not configure this policy setting, any defined values will be deleted.
ettings. If you do not configure this policy setting, any defined values will be deleted.
space 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will
space 2010 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will
0 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted
0 user settings are excluded from the synchronization settings. If you do not configure this policy setting, any defined values will be deleted
ot configure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.
onfigure this policy setting, any defined values will be deleted.
onfigure this policy setting, any defined values will be deleted.

this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronizatio
this policy setting, only the selected Windows settings synchronize. Unselected Windows settings are excluded from settings synchronizatio
ent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later. Set SyncMeth
ent uses no sync provider. Settings are written directly to the settings storage location rather than being cached to sync later. Set SyncMeth
omputers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state
omputers in pooled VDI environments that reset to a clean state on logout. With this policy enabled you can roll settings back to the state
te: If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows
te: If the user connects their Microsoft account for their computer then the UE-V Agent will not synchronize Windows apps. The Windows
om the tray icon. With this setting disabled, the tray icon does not appear in the system tray, UE-V never displays notifications, and the use
defined values are deleted.
App List are synchronized. If you do not configure this policy setting, any defined values are deleted.
vider doesn’t ping the settings storage location before synchronizing settings packages. If you do not configure this policy, any defined valu
vider doesn’t ping the settings storage location before synchronizing settings packages. If you do not configure this policy, any defined valu

metered connection that is roaming. If you do not configure this policy setting, any defined values are deleted.
metered connection that is roaming. If you do not configure this policy setting, any defined values are deleted.

s group. By configuring this policy setting, you can alter this behavior. If you enable this policy setting, the administrator group is also give
No checks are made for the correct permissions if the profile folder already exists. For Windows Server 2003 family, Windows 2000 Professi
EPATH% stores the remainder of the fully qualified path to the home directory (such as \dir1\dir2\homedir). As a result, users can access a
e is slow to load. If you enable this policy setting, any local copies of the user's roaming profile are deleted when the user logs off. The roam
user profiles, and it ignores the policy settings that tell the system how to respond to a slow connection. If you disable this policy setting o
then is able to choose to download the remote copy of the user profile. In Microsoft Windows Vista, a check box appears on the logon scr
g folder rather than all of the AppData\Roaming folder to the exclusion list. By default, the Appdata\Local and Appdata\LocalLow folders a
n increasing logon time. You can use this policy setting to change this behavior. If you enable this policy setting, Windows will not delete W
are notified when the profile exceeds the permitted maximum size. -- Specify a customized message notifying users of the oversized profil
nt users configured to use roaming profiles from receiving their profile on a specific computer. If you enable this setting, the following occu
han their server-based profiles. If you enable this policy setting, you can override the amount of time Windows waits for user input before
file cannot be loaded. If you disable this policy setting or do not configure it, Windows logs on the user with a temporary profile when Win
service is reading or editing the registry, the system cannot unload it. The system tries repeatedly (at a rate of once per second) to unload a
g this policy setting, you can prevent changes made to a roaming profile on a particular computer from being persisted. If you enable this p
en when loading is slow. If you disable this policy setting or do not configure it, when a remote profile is slow to load, the system loads the
e slow to load. If you enable this policy setting, you can change how long Windows waits for a response from the server before considering
will not automatically delete any profiles on the next system restart.
you disable or do not configure this policy setting, the paths specified in this policy setting will behave like any other cached data via Offline
ad the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed. If you disable or d
enable this policy setting, Windows waits for the network to become available up to the maximum wait time specified in this policy setting.
ou need to ensure that you have set the appropriate security on the folder to allow all users to access the profile. If you enable this policy
ws uploads the profile's registry file at the specified interval after the user logs on. For example, with a value of 6 hours, the registry file of t
lso be able to retrieve the user's UPN, SIP/URI, and DNS. "Always off" - users will not be able to change this setting and the user's name an

he user's account in Active Directory Domain Services (AD DS). This policy setting also requires the Windows Server 2012 version of the Ac
ive letter to assign to the file share. If you choose “On the local computer,” enter a local path (for example, C:\HomeFolder) in the Path box
d on for a computer. This policy setting is applied when you turn on BitLocker. Note: You might need to set up appropriate schema extensio
ining a 256-bit recovery key. If you enable this policy setting, you can configure the options that the setup wizard displays to users for reco
computer's environment variables in the path. If the path is not valid, the BitLocker setup wizard will display the computer's top-level folde
dows Server 2008 R2, or Windows 7. If you enable this policy setting you will be able to choose an encryption algorithm and key cipher str
icy setting you will be able to choose an encryption algorithm and key cipher strength for BitLocker to use to encrypt drives. If you disable
recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will
do not configure this policy setting, BitLocker secrets are removed from memory when the computer restarts.
y enforced when BitLocker or device encryption is enabled.
ult recovery message and URL" option. If you select the "Use custom recovery message" option, the message you type in the "Custom rec
tem check during BitLocker setup. If you disable or do not configure this policy setting, enhanced PINs will not be used.
count Policies\Password Policy\ must be also enabled. Note: These settings are enforced when turning on BitLocker, not when unlocking a
rted following BitLocker recovery.

uired for management of certificate-based data recovery agents on BitLocker-protected drives and for potential updates to the BitLocker To
1.3.6.1.4.1.311.67.1.1 Note: BitLocker does not require that a certificate have an EKU attribute, but if one is configured for the certificate
tform and Boot Configuration Data (BCD) integrity validation, as defined by the "Allow Secure Boot for integrity validation" group policy, th
ment Console or the Local Group Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more inf
s policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not
d data. When the computer starts, it can require users to insert a USB flash drive containing a startup key. It can also require users to enter
this mode either a password or a USB drive is required for start-up. When using a startup key, the key information used to encrypt the drive
computer and the BitLocker Drive Encryption Network Unlock server must be provisioned with a Network Unlock certificate. The Network
components change while BitLocker protection is in effect, the TPM will not release the encryption key to unlock the drive and the comput
uration store different values into the Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for nativ
he Platform Configuration Registers (PCRs). Use the "Configure TPM platform validation profile for BIOS-based firmware configurations" gro
OTE: If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default
omputers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites us
ndows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Rec
. If this policy is not enabled, the options of "Require additional authentication at startup" policy apply.
atform is capable of Secure Boot-based integrity validation. If you disable this policy setting, BitLocker will use legacy platform integrity val
r. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data recovery agents
Password Policy\ must be also enabled. Note: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLoc

and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives. When this policy setting is e
of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate their ac
s policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not
ers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites used with
Policy Editor. Consult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information about adding data reco
itLocker Drive encryption from the drive or suspend the encryption while maintenance is performed. Consult the BitLocker Drive Encryptio
ed. Note: These settings are enforced when turning on BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with
ill be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification
P with SP2, and their content can be viewed. These operating systems have read-only access to BitLocker-protected drives. When this polic
with any of the protectors available on the drive. If you disable this policy setting, users are not allowed to use smart cards to authenticate
s policy setting the encryption type that BitLocker will use to encrypt drives is defined by this policy and the encryption type option will not
mputers that do not support hardware-based encryption and whether you want to restrict the encryption algorithms and cipher suites use
ectRate This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections
at host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Servic

to a non-domain based network, automatic connection attempts to domain based networks are blocked. Manual connection attempts -
in is also blocked. Additional manual connection attempts by users to the Internet or to a Windows domain are not blocked by this policy s
ect: changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. Whe
ally fix problems it detects or indicate to the user that assisted resolution is available. If you disable this policy setting, Windows cannot de

g allows users to access all WCN wizards.


g allows users to access all WCN wizards.
ble this policy setting, operations are disabled over all media. If you do not configure this policy setting, operations are enabled over all me

by Group Policy will be used in the resulting effective policy. Group Policy settings will override preference settings configured by the local
gure this policy setting, Windows Defender Antivirus automatically takes action on all detected threats after a nonconfigurable delay of app

the order specified above. If you disable or do not configure this setting, the proxy will skip over this fallback step according to the order sp
. The URL should be proceeded with either http:// or https://. If you disable or do not configure this setting, the proxy will skip over this fa
and after the specified start time. If you disable this setting, scheduled tasks will begin at the specified start time.
s restarted, the service will be started if it is set to Automatic startup. After the service has started, there will be a check to see if antivirus

p.exe". The value is not used and it is recommended that this be set to 0.
xe". The value is not used and it is recommended that this be set to 0.

mputer that is up-to-date with all the latest security updates, network protection will have no impact on network performance. If you enab
program activity will be present on those volumes. The options for this setting are mutually exclusive: 0 = Scan incoming and outgoing file

quency specified. If you disable or do not configure this setting, a scheduled full scan to complete remediation will run at a default freque
ll scan to complete remediation will run at a default time.

ed scan configured, there will be no catch-up scan run. If you disable or do not configure this setting, catch-up scans for scheduled full sca
eduled scan configured, there will be no catch-up scan run. If you disable or do not configure this setting, catch-up scans for scheduled qui

er for the default number of days.

scheduled scan will run at a default frequency.


n at a default time.
at a default time.

disable or do not configure this setting, spyware definitions will be considered out of date after the default number of days have passed w
e or do not configure this setting, virus definitions will be considered out of date after the default number of days have passed without an u
g sources in the list will not be contacted. If you disable or do not configure this setting, the list will remain empty by default and no source
fied. Once definition updates have been successfully downloaded from one specified source, the remaining sources in the list will not be co

e enabled. If you disable this setting, real-time definition updates will disabled.
figure this setting, the check for definition updates will occur at a default frequency.
ed. If you disable or do not configure this setting, the check for definition updates will occur at the default time.
antimalware service will not receive notifications to disable definitions.

Sight” feature will not function. MAPS -> The “Send file samples when further analysis is required” should be set to 1 (Send safe samples)

ware was removed. The information will be automatically collected and sent. In some instances, personal information might unintentionally

text displayed.
ng enabled in order to function. Possible options are: (0x0) Default windows defender blocking level (0x2) High blocking level - aggressive
three other MAPS settings - "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is
Block, then a record of the event will be in the event logs. Disabled: Users and applications will not be blocked from connecting to danger
ot configured: Same as Disabled. Windows Defender Antivirus automatically determines which applications can be trusted. You can add a
ule ID - Value column: Enter the status ID that relates to state you want to specify for the associated rule The following status IDs are perm
ons will be applied to the ASR rules. Not configured: Same as Disabled. You can configure ASR rules in the Configure Attack Surface Reduc
. You can enable controlled folder access in the Configure controlled folder access GP setting. Default system folders are automatically gua
Not configured: Same as Disabled. You can enable controlled folder access in the Configure controlled folder access GP setting. Windows

ormation will be shown on notifications. Not configured: Same as Disabled.


ntact information will be shown in the Windows Defender Security Center. Not configured: Same as Disabled.

ed for any standard Open dialog box. To see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open
hese policies only affect programs that use the standard Open dialog box provided to developers of Windows programs. To see an example
applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista commo
Attachments and Saved Searches. If you disable or do not configure this setting the default list of items will be displayed in the Places Bar.
y to change these options. If you disable or not configure this policy, the default File Explorer behavior is applied to the user. Note: In oper
OCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved. For shell extensions to run on a per-user basis
al resources, such as an Internet server. If you enable this policy setting, Windows only searches the current target path. It does not search

llowed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Contro

DFS tab is available.


h as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window. A
g to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Dri

gure this policy setting, users can open Folder Options from the View tab on the ribbon.

nu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer M
olicy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. Note
Note: This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly tha

using their administrator credentials. Many programs can be installed only by an administrator. If you enable this setting and a user does no

policy setting, the Search button is available from the File Explorer toolbar. This policy setting does not affect the Search items on the File

is setting or select the "Do not restrict drives" option from the drop-down list. Note: The icons representing the specified drives still appea

of network resources in File Explorer and Network Locations. This policy setting does not prevent users from connecting to computers in th
or. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again usin

ou enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. If you disable this policy setting the prot
ou enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. If you disable this policy setting the prot

://www.example.com/results.aspx?q={searchTerms}). You can add up to five additional links to the "Search again" links at the bottom of re
" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchCo
s deleted. If you disable or do not configure this policy setting, Folder Redirection does not create a temporary file and functions as if both
-4739-ae1a-d4a54907c53f} or SampleVideos. Note: Disabling a known folder can introduce application compatibility issues in applications

ch results are returned * Disable ability to stack in the Context menu and Column headers * Exclude Libraries from the scope of Start searc
ues that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box.

his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using S
his zone using Search Connectors. If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using S
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Searc
his zone using Search Connectors. If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using S
his zone using Search Connectors. If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using S
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for
de to the location of the default Library definition files.
de to the location of the default Library definition files.
h this feature enabled. If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following

policy is not configured, disabled, or the client machine is not domain-joined, no default associations will be applied at logon time. If the p

elect "4294967295" as the maximum amount of disk space. If you disable this policy setting or do not configure it, the default value is set
elays each startup. If you disable or do not configure this policy setting, by default, files are scanned only during setup. Note: This policy s
akes no exception for messages sent by computers that authenticate using IPsec. If you enable this policy setting and add systems to the lis
hat it asks Windows Defender Firewall to open, even if that port is blocked by another policy setting, such as the "Windows Defender Firew
irewall component in Control Panel does not allow administrators to define a local program exceptions list. However, local administrators w
figure this policy setting, administrators can use the Windows Defender Firewall component in Control Panel to turn Windows Defender Fi
log on locally can work around the "Windows Defender Firewall: Do not allow exceptions" policy setting by turning off the firewall. If you
administrators cannot clear it. If you disable this policy setting, Windows Defender Firewall blocks these ports, which prevents this compu
enable this policy setting, you must specify which ICMP message types Windows Defender Firewall allows this computer to send or receiv
ndows Defender Firewall does not provide an option to log successful incoming messages. If you are configuring the log file name, ensure t
w program" check box is selected and administrators cannot clear it. If you do not configure this policy setting, Windows Defender Firewall
ng, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove
nt in Control Panel does not allow administrators to define a local port exceptions list. However, local administrators will still be allowed to
ws SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assign
able this policy setting, Windows Defender Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests
ses from the other computers and then blocks all later responses. Note: This policy setting has no effect if the unicast message is a respon
el, the "UPnP framework" check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Defender Fire
hat it asks Windows Defender Firewall to open, even if that port is blocked by another policy setting, such as the "Windows Defender Firew
irewall component in Control Panel does not allow administrators to define a local program exceptions list. However, local administrators w
figure this policy setting, administrators can use the Windows Defender Firewall component in Control Panel to turn Windows Defender Fi
log on locally can work around the "Windows Defender Firewall: Do not allow exceptions" policy setting by turning off the firewall. If you
administrators cannot clear it. If you disable this policy setting, Windows Defender Firewall blocks these ports, which prevents this compu
enable this policy setting, you must specify which ICMP message types Windows Defender Firewall allows this computer to send or receiv
ndows Defender Firewall does not provide an option to log successful incoming messages. If you are configuring the log file name, ensure t
w program" check box is selected and administrators cannot clear it. If you do not configure this policy setting, Windows Defender Firewall
ng, note the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove
nt in Control Panel does not allow administrators to define a local port exceptions list. However, local administrators will still be allowed to
ws SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assign
able this policy setting, Windows Defender Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests
ses from the other computers and then blocks all later responses. Note: This policy setting has no effect if the unicast message is a respon
el, the "UPnP framework" check box is selected and administrators cannot clear it. If you disable this policy setting, Windows Defender Fire

lso able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally
If you disable or do not configure this policy setting, the dialog boxes are displayed when the user starts the Player for the first time.
e Player. If you do not configure this policy setting, and the "Set and lock skin" policy setting is enabled, some options in the anchor window
s policy setting, video smoothing occurs if necessary. Users can change the setting for the Use Video Smoothing check box. Video smoothi
t configure this policy setting, users can change the setting of the Retrieve media information for CDs and DVDs from the Internet check bo
sharing on or off.
are not selected and are not available. If you disable or do not configure this policy setting, users can change the setting of the Update my

ver during playback check box is cleared and is not available. If you do not configure this policy setting, users can change the setting for the
etting for the Download codecs automatically check box.
ock Skin policy is enabled, some options in the anchor window are not available.
u disable or do not configure this policy setting, the Privacy tab is not hidden, and users can configure any privacy settings not configured b
s by using the Corporate skin. The only way to specify the Corporate skin is to leave the Skin box blank. A user has access only to the Player
t or Browser is selected. The Configure button on the Network tab in the Player is not available for the HTTP protocol and the proxy cannot
available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.
available and the protocol cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden.

ab in the Player are not available. If you disable or do not configure this policy setting, users can change the buffering options on the Perfo
s, the Player uses default ports when using the UDP protocol. This policy setting also specifies that multicast streams can be received if the
gure this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface. Note: If you do not want users to u
gure this behavior on the Preferences tab on the Tools menu in the Windows Messenger user interface. Note: If you do not want users to u

he WinRM client needs to use the list of trusted hosts, you must configure the list of trusted hosts locally on each computer.
P). If you disable or do not configure this policy setting, the WinRM service will not respond to requests from a remote computer, regardles

not configure this policy setting, the WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-in

ontaining a valid channel binding token is rejected. If HardeningLevel is set to Relaxed (default value), any request containing an invalid cha

15 min will be used.

setting, the value 150 is used by default.

e it, Windows searches for updates and automatically downloads them. Note: Windows Update is an online catalog customized for your co
Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu.
Windows dialog box if updates are available when the user selects the Shut Down option in the Start menu.
and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time t
and Shut Down' option will be the default option in the Shut Down Windows dialog box if updates are available for installation at the time t
anager from automatically installing driver updates from the Windows Update Web site. If enabled you can configure one of the following
at updates are ready to be downloaded. After going to Windows Update, users can download and install any available updates. 3 = (Defaul
e server to which updated workstations upload statistics. You can set both values to be the same server. An optional server name value can
olicy to have effect. Note: If the "Configure Automatic Updates" policy is disabled, this policy has no effect. Note: This policy is not suppor
User Account Control window and do not need elevated permissions to install these updates, except in the case of updates that contain Us

red software is available. The user can click the notification to open the Windows Update Application and get more information about the
ly wake the system up to install the updates. Windows update will also wake the system up and install an update if an install deadline occu
the status is set to Disabled or Not Configured, Automatic Updates will notify the user that the computer will automatically restart in 5 mi
utomatic updates installations" policy is enabled, then this policy has no effect.
policy has no effect. This policy has no effect on Windows RT

ne minute after the computer is next started. Note: This policy applies only when Automatic Updates is configured to perform scheduled in
status is set to Disabled or Not Configured, no target group information will be sent to the intranet Microsoft update service. Note: This po
et Microsoft update service location must be signed by Microsoft. Note: Updates from a service other than an intranet Microsoft update se
ate service using the "Specify intranet Microsoft update service location" policy.
devices reaches the next public release. Selecting "Enable preview builds" will enable preview builds installation on the device. Users can
than those set to Fast, and with changes and fixes identified in earlier builds. * Release Preview: Receive builds of Windows just before Mic
y" policy is set to 0, this policy will have no effect.

s automatically restart at scheduled time. Note that the default max active hours range is 18 hours from the active hours start time unless
bled, this policy has no effect: 1. No auto-restart with logged on users for scheduled automatic updates installations. 2. Always automatic

heir work. If you disable or do not configure this policy, the default notification behaviors will be used.
of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending res

uccessful logon by that user. This message must be acknowledged by the user before the user is presented with the Microsoft Windows de
tting, you might want to examine and appropriately configure the “Set action to take when logon hours expire” setting. If “Set action to take
system will perform the action you specify when the user’s logon hours expire. If you disable or do not configure this setting, the system ta
ervices and Ease of Access applications can simulate the SAS. If you disable or do not configure this setting, only Ease of Access application

e program file is not located in a folder specified in the Path environment variable for your system, enter the fully qualified path to the file.
at user. If you disable this policy setting, the device does not store the user's credentials for automatic sign-in after a Windows Update rest
se applications will be automatically terminated during shutdown, helping to ensure that Windows can shut down faster and more smooth

a certain data limit. - Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost

user's contacts have shared with them, and enables users on this device to share networks with their contacts. "Enable paid services" ena

guration\Administrative Templates\Windows Components\WorkFolders. If the "Specify Work Folders settings" policy setting does not appl
cal Path" specifies the local folder used on the client machine to sync files. This path may contain environment variables. Note: In order for

user. No reboots or service restarts are required for this policy setting to take effect.

you enable this policy setting, notifications can still be raised by applications running on the machine via local API calls from within the app
Hours are enabled by default but can be turned off or by the administrator or user.

ing Quiet Hours by default. Adminstrators and users will be able to modify this setting.

- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of 3G connections is F
Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of 4G connections is F

> Cellular on the device. If you choose the "Force Allow" option, Windows apps are allowed to access cellular data and employees in your
st it anyway you can select the certificate errors that you want to ignore. Note: This policy setting applies to all sites in Trusted zones.
e displayed when the "Add New Programs" page opens. You can use this setting to direct users to the programs they are most likely to nee
uration\Administrative Templates\Windows Components\Windows Installer) is enabled, users cannot add programs from removable media

ation files. If you enable this setting, users cannot tell which programs have been published by the system administrator, and they cannot u

his setting does not prevent users from using other tools and methods to install or uninstall programs.
aults. This setting does not prevent the Set Program Access and Defaults icon from appearing on the Start menu. See the "Remove Set Pro

s not appear, clicking the Add/Remove Windows Components button starts the Windows Component Wizard immediately. Because the on
etting or do not configure it, the Support Info hyperlink appears. Note: Not all programs provide a support information hyperlink.
s. However, this setting blocks user access to the Windows Component Wizard.

e on the system is increased. If the status is set to Enabled, the MS-DOS subsystem is prevented from running, which then prevents any 16

, the Switchback will be turned on. Please reboot the system after changing the setting to ensure that your system accurately reflects those
nstance: This may result in a blue screen if an old anti-virus application is installed.) The Windows Resource Protection and User Account C

o require better performance and are already aware of application compatibility issues. If you disable or do not configure this policy settin

e Improvement Program is turned off. The Inventory Collector will be off.

ll have access to the host device’s clipboard and its content. If you choose to enable copying, you must also choose the type of content tha
d off in Application Guard.

nfigure this setting, Application Guard deletes all user data within the Application Guard container.

nformation and employees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed t
ees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access the calendar an
es in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access the call history a
in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access the camera and em
organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access contacts and employees in
tion cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access email and employees in your organi
rganization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access location and employees in yo
es and employees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps cannot read or send messa
nd employees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access the
ees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access motion data and
ees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access notifications an
your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to make phone calls and emplo
d employees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps will not have access to control ra
pps are allowed to communicate with unpaired wireless devices and employees in your organization cannot change it. If you choose the "
n cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access tasks and employees in your organiza
d employees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to access trusted
employees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to run in the bac
e Allow" option, Windows apps are allowed to get diagnostic information about other apps and employees in your organization cannot chan

e XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit is reach
shing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). User Publishing Refresh Interval: Specifies the publishing r
shing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). User Publishing Refresh Interval: Specifies the publishing r
shing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). User Publishing Refresh Interval: Specifies the publishing r
shing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). User Publishing Refresh Interval: Specifies the publishing r
shing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean). User Publishing Refresh Interval: Specifies the publishing r

olicy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of Windows

or a URI scheme. Note: Enabling this policy setting does not block Windows Store apps from opening the default desktop app for the http,
or a URI scheme. Note: Enabling this policy setting does not block Windows Store apps from opening the default desktop app for the http,

when file attachments are opened. If you do not configure this policy setting, Windows does not call the registered antivirus programs wh
ptions. If you enable this policy setting, you can choose the order in which Windows processes risk assessment data. If you disable this po
th their zone information.
and Unblock button.
t is in the list of low-risk file types, Windows will not prompt the user before accessing the file, regardless of the file's zone information. If
you do not configure this policy setting, Windows uses its built-in list of high-risk file types.
tting, Windows uses its default trust logic.
uses its default trust logic. If you do not configure this policy setting, Windows uses its default trust logic.
n events. Default: Not configured Note: When this policy setting is enabled, any user with access to read the security events will be able to
alog. If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: a) Complet
alog. If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to: a) Complet

or disabled on all drives. This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay
or disabled on all drives. This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay

ll prevent data loss in the event that someone forgets their logon credentials.
ers who log on using biometrics should create a password recovery disk; this will prevent data loss in the event that someone forgets their

t orphaned jobs occupying disk space. If you enable this policy setting, you can configure the inactive job timeout to specified number of d

ontinue to use approximately 2 kilobits. To prevent BITS transfers from occurring, specify a limit of 0. If you disable or do not configure this
riority levels: high, normal, and low. You can specify a limit to use for background jobs during a work schedule. For example, you can limit
dwidth of normal priority jobs to 0 Kbps from 8:00 A.M. to 10:00 A.M. on a maintenance schedule. If you disable or do not configure this p
rom peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer cach
ng" policy setting is disabled or not configured.
ercent of the total system disk size. Note: This policy setting has no effect if the "Allow BITS peer caching" setting is disabled or not configu
er computers before reverting to the origin server. Note: This policy setting has no effect if the "Allow BITS peer caching" policy setting is d
ng" setting is disabled or not configured.
policy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwid
ault to transfer only when on uncosted network connections, but foreground jobs should proceed only when not roaming. The values that

or 300 if the "Maximum number of BITS jobs for this computer" policy setting is not configured. BITS jobs created by services and the local

omputer's administrative settings for Windows Branch Cache disable its use entirely.

se spotlight content service, the checkbox will have no effect. If you disable this policy setting, Windows spotlight will be turned off and us

a to provide personalized recommendations, tips and offers to tailor Windows for the user's needs, and make it work better for them. Note
tting only applies to Enterprise and Education SKUs.

nfigure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it
nfigure this policy setting, the program continues without the registration. As a result, the program might not perform all its functions, or it

list of disallowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name

nts dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System,
hout quotes), and to specify a list of pages to hide, it must begin with "hide:". If a page in a showonly list would normally be hidden for othe
his setting hides the Appearance and Themes tabs in the in Display in Control Panel.

through the "Screen Saver executable name" setting or through Control Panel on the client computer. Second, the screen saver timeout is
reen saver, including the .scr file name extension. If the screen saver file is not in the %Systemroot%\System32 directory, type the fully qua
er or not to set password protection on each screen saver. To ensure that a computer will be password protected, enable the "Enable Scre
aver dialog of the client computer's Personalization or Display Control Panel specifies a valid existing screen saver program on the client. W

ot available at user logon, the default visual style is loaded. Note: When running Windows XP, you can select the Luna visual style by typing

dence over this policy.


e\Corp.jpg. This can be used in conjunction with the "Prevent changing lock screen and logon image" setting to always force the specified l
ization allowed. If you disable or do not configure this policy setting, users will be able to customize their account pictures.
ng, the default logon domain is always set to the domain to which the computer is joined.
rs available for authentication purposes. If you disable or do not configure this policy, all installed and otherwise enabled credential provid

cy setting, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the dev

not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, se
g can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be dele
(TERMSRV/*). If you disable this policy setting, delegation of fresh credentials is not permitted to any machine. Note: The "Allow delegatin
s policy setting, delegation of fresh credentials is not permitted to any machine. Note: The "Allow delegating fresh credentials with NTLM-
on any machine (TERMSRV/*). If you disable this policy setting, delegation of saved credentials is not permitted to any machine. Note: The
the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not perm
be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.
nnot be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresou
er credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/h
te Credential Guard to connect to remote hosts. Require Remote Credential Guard: Participating applications must use Remote Credentia

us code access to the user’s Windows credentials.


ndows components and applications that use the Windows system controls, including Internet Explorer.
ndows components and applications that use the Windows system controls, including Internet Explorer.

o start and stop programs, monitor the performance of their computers, view and monitor all programs running on their computers, includ

elated data, and app compatibility info. Note that setting values of 0 or 1 will degrade certain experiences on the device. A value of 2 (Enh
elated data, and app compatibility info. Note that setting values of 0 or 1 will degrade certain experiences on the device. A value of 2 (Enh

try policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional Enhance
on Security Check exemptions" policy is not configured.
atted appid DCOM will add it to the list without checking for errors. If you enable this policy setting, you can view and change the list of DC
ptimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. 100=Bypass mode. Do n

m the desktop. They are simply not added again. Note: For this setting to take affect, you must log off and log on to the system.

ative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this
nistrator." If the filter bar does not appear above the resulting display, on the View menu, click Filter.

mory or disk space. This setting is designed to protect the network and the domain controller from the effect of expansive searches.
the Explorer Web views. If the user manages to navigate to Computer, the folder will be empty. If you disable this setting, Computer is disp

tected by the Virtualization Based Security feature. The "Disabled" option turns off Virtualization Based Protection of Code Integrity remot
f using a signed and protected policy then disabling this policy setting doesn't remove the feature from the computer. Instead, you must eit
number or when the driver was created. If you disable this policy setting, drivers that are signed by a Microsoft Windows Publisher certifi

oup are subject to all policy settings that restrict device installation.
devices that match these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy setting, or the "Preve
r do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
ation of devices that match any of these device IDs" policy setting, the "Prevent installation of devices for these device classes" policy settin
licy setting, devices can be installed and updated as allowed or prevented by other policy settings.
enable this policy setting on a remote desktop server, the policy setting affects redirection of removable devices from a remote desktop cli
hese device IDs," "Prevent installation of devices for these device classes," or "Prevent installation of removable devices" policy setting.

files are not digitally signed and lets the user decide whether to stop or to proceed with the installation and whether to permit unsigned fil

ate for drivers also see "Turn off Windows Update device driver searching" in Administrative Templates/System/Internet Communication M
or consent before going to Windows Update to search for device drivers.
or consent before going to Windows Update to search for device drivers.
then Windows will search for a driver only if a driver is not locally available on the system. If you disable or do not configure this policy setti
device drivers.

ured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not e
ut no corrective action is taken. If you do not configure this policy setting, the DPS enables S.M.A.R.T. fault resolution by default. This poli
tting, the default behavior is observed and the NV cache is used for boot and resume optimizations. Note: This policy setting is applicable o

saving mode. If you disable this policy setting, the system will manage the NV cache on the disks if the other policy settings for the NV cac
e stored in the NV cache. Note: This policy setting is applicable only if the NV cache feature is on.
TFS volumes. Note: This policy setting turns on disk quota management but does not establish or enforce a particular disk quota limit. To sp
en users reach an enforced disk quota limit, the system responds as though the physical space on the volume were exhausted. When users
n on the Quota tab. This policy setting applies to all new users as soon as they write to the volume. It does not affect disk quota limits for c
vents are recorded, but administrators can use the Quota tab option to change the setting. This policy setting is independent of the enforce
to change the logging setting. This policy setting does not affect the Quota Entries window on the Quota tab. Even without the logged eve

plication, the application will be turned off.


e application will be turned off.

he local or DHCP supplied list of DNS servers, if configured.


he primary DNS suffix. If you disable this policy setting, or if you do not configure this policy setting, each computer uses its local primary D
policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS s
gister PTR resource records even if registration of the corresponding A records was not successful. Register only if A record registration suc
computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual netwo
e one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record
g should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the

crosoft.com." To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended
mputers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, cl
olicy setting, computers do not send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource rec
onnection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix check box on the DNS tab in Advanced T
e state of the Append primary and connection specific DNS suffixes radio button and Append parent suffixes of the primary DNS suffix che
disable this policy setting, or you do not configure this policy setting, LLMNR will be enabled on all available network adapters.
the query fails, the unqualified multi-label name is appended with DNS suffixes. These suffixes can be derived from a combination of the lo
fail. If you disable this policy setting, or if you do not configure this policy setting, name resolution will be optimized when issuing DNS, LLM
This policy setting is applicable only if the turn off smart multi-homed name resolution policy setting is disabled or not configured.

ponses from networks lower in the binding order will be preferred over responses from link local protocols received from networks higher
ese Microsoft IME and Simplified Chinese Microsoft Pinyin.

ft IME and Simplified Chinese Microsoft Pinyin.


har 0xFFFF // no definition. If you disable or do not configure this policy setting, no range of characters are filtered by default. This policy

es feature. This Policy setting applies to Microsoft CHS Pinyin IME and JPN IME.
es feature. This Policy setting applies only to Microsoft CHS Pinyin IME.
rosoft CHS Pinyin IME.
Unknown: This driver has not been attested to by your malware detection application and has not been classified by the Early Launch Antim

enable this policy setting, the setting overrides any user changes made to Windows Error Reporting settings in Control Panel, and default va
u do not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on compu
/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user setti
/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user setti

ut does not upload report data until the computer is connected to a more permanent power source.
ut does not upload report data until the computer is connected to a more permanent power source.

ng in the Default dropdown list. The Windows applications category is a subset of Microsoft applications. If you disable or do not configure
ated by applications in this list are not reported, even if the Default Application Reporting Settings policy setting is configured to report all a
list of applications that are always included in error reporting. To add applications to the list, click Show under the Report errors for applica
dows Error Reporting information is stored.
dows Error Reporting information is stored.

s policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If you disable or do not configure this p
s policy setting is enabled, the Exclude errors for applications on this list setting takes precedence. If you disable or do not configure this p
s to Problems page in Control Panel. The Maximum number of reports to queue setting determines how many reports can be queued befo
s to Problems page in Control Panel. If Queuing behavior is set to Always queue for administrator, reports are queued until an administrator
eports. - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, a
eports. - 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, a

afe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (w
afe additional data: the minimum data that is required to check for an existing solution, along with data which Windows has determined (w
ou disable or do not configure this policy setting, the Event Collector computer will not be specified.

are retained.

are retained.
ignore it. The same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and

are retained.

are retained.
same change should be made to the "Configure log access (legacy)" policy setting to enforce this change across all tools and APIs.

nts will not encrypt event log messages before writing them to the event log.

he bottom of the Exploit Protection area in the Windows Defender Security Center. - Place the generated XML file in a shared or local path
file folder at %userprofile%.

r other boot order configuration. If you do not configure this setting, users who are members of the Administrators group can make chang

y: Detection and troubleshooting of corrupted files will automatically start with no UI. Recovery is not attempted automatically. Windows w
you enable this policy setting, the application identified by the Package Family Name will be permitted to revoke access to all content prote

s will only be generated for files created on the system volume.

t be able to view the location of the last use of their active digitizer on their device.
standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder. Note: This policy is valid onl
figured for "Automatic Caching", nor does it affect the availability of the "Always available offline" menu option in the user interface. Note:
ne" menu option in the user interface. Note: The configuration of this policy for any folder will override the configured value of "Do not au
standard English names for these subfolders when redirecting the Start Menu or legacy My Documents folder. Note: This policy is valid onl
e new network location using a method that preserves the state of the files, including their timestamps, before updating the Folder Redirec
Directory schema to function. If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures fold
Directory schema to function. If you enable this policy setting and the user has redirected folders, such as the Documents and Pictures fold

policy is not configured. This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is

om locale as their user locale, but they can still select a replacement locale if one is installed. If you disable or do not configure this policy
om locale as their user locale, but they can still select a replacement locale if one is installed. If you disable or do not configure this policy
n select a system locale only from the specified system locale list. If you disable or do not configure this policy setting, administrators can s

to English (Canada) and French (Canada). If you enable this policy setting, only locales in the specified locale list can be selected by users.
to English (Canada) and French (Canada). If you enable this policy setting, only locales in the specified locale list can be selected by users.
icy setting is not configured.
icy setting is not configured.
locale overrides. If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to
locale overrides. If this policy is set to Enabled at the computer level, then it cannot be disabled by a per-User policy. If this policy is set to
Administrative options, other policies may prevent them from modifying the values.
em from actually changing their current geographical location.
event them from changing their UI language.

e this policy setting in Windows Server 2003, Windows XP, or Windows 2000, to use the "Restrict selection of Windows menus and dialogs

disable or do not configure this policy setting, the logged-on user can access the dialog box controls in the Regional and Language Options c

ability and function of this setting is dependent on supported languages being enabled.

tic learning of speech, inking, and typing will be enabled and users cannot change its value via PC Settings. If this policy is disabled, autom
029, specifies that all two-digit years less than or equal to 29 (00 to 29) are interpreted as being preceded by 20, that is 2000 to 2029. Conv
cronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel i
cronyms). Deleting email content or the browser history does not delete the stored personalization data. Ink entered through Input Panel i
cy setting applies only to computers running Remote Desktop Services.

d process PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002) Enables DEP-ATL thunk emulation for the c


d process PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002) Enables DEP-ATL thunk emulation for the c

est version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Group Policy
ad the latest version of the policy information, and it uses a bandwidth estimate to determine slow link thresholds. (See the “Configure Gro
g logon scripts.

ows the administrator the option to override the default to slow network connection and instead default to using a fast network connection
p Policy will be applied in the background after the network becomes available. Note that because this is a background refresh, extensions
d that you only configure this policy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to a wo
ystem-computed wait time. If you disable or do not configure this policy setting, Group Policy will use the default wait time of 30 seconds o
Group Policy processing is applied, using the Group Policy Objects (GPOs) that are scoped to the computer. - An event log message (1109)
tions. If you disable or do not configure this policy setting, it has no effect on the system. The "Allow processing across a slow network con
ates the policies even when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slo
the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause si
r do not configure this policy setting, it has no effect on the system. The "Allow processing across a slow network connection" option upda
a slow network connection" option updates the policies even when the update is being transmitted across a slow network connection, such
work connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a telep
e the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or system res
oss a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Do not apply
licies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect until the
when the update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can ca
update is being transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause signifi
unch the RSoP snap-in from the command line by typing RSOP.msc Note: This policy setting exists as both a User Configuration and Compu
unch the RSoP snap-in from the command line by typing RSOP.msc Note: This policy setting exists as both a User Configuration and Compu
ing the status of this setting to Disabled will enforce the default behavior. Files will always be copied to the GPO if they have a later timest
etting, you must restart your computer for it to take effect.
at any time, no matter how this policy setting is configured. Also, see the "Set Group Policy refresh interval for computers" policy setting to
ngs; preferences do not appear. If you disable or do not configure this policy setting, the "Show Policies Only" command is turned on by de
nap-ins use. "Use any available domain controller" indicates that the Group Policy Object Editor snap-in can read and write changes to any
e "Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any conn
e "Connection speed" box, type a decimal number between 0 and 4,294,967,200, indicating a transfer rate in kilobits per second. Any conn
Policy every 7 seconds. However, because updates might interfere with users' work and increase network traffic, very short update interva
appropriate for most installations. If you disable or do not configure this setting, the domain controller updates Group Policy every 5 minut
ds. However, because updates might interfere with users' work and increase network traffic, very short update intervals are not appropriat

nd tested, you must disable the object link.


they were in the GPO. You can change this behavior by using this setting. If you enable this setting, the Group Policy Object Editor snap-in
e Microsoft Management Console (MMC).
one of the following modes from the Mode box: "Replace" indicates that the user settings defined in the computer's Group Policy Objects
y, and overrides any default or system-computed wait time. If you disable or do not configure this policy setting, Group Policy will use the d
ence items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connecti
or items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where
reference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow con
g for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location wh
en when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause
s preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace
ence items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connecti
tems in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a
option updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates
for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location whe
the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significa
ce extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace file can be
ssing across a slow network connection" option updates preference items even when the update is transmitted across a slow network conn
racing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the locatio
n when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause
preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace fi
even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cau
preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace fi
nce items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connectio
his preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace
network connection" option updates preference items even when the update is transmitted across a slow network connection, such as a te
er Configuration tracing: To perform tracing for items in this preference extension listed under User Configuration, you must provide a path
g across a slow network connection" option updates preference items even when the update is transmitted across a slow network connecti
rform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the
pdates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across s
m tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the loca
slow network connection" option updates preference items even when the update is transmitted across a slow network connection, such
racing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the locatio
rocessing across a slow network connection" option updates preference items even when the update is transmitted across a slow network
s preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace
n updates preference items even when the update is transmitted across a slow network connection, such as a telephone line. Updates acro
rform tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the
even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can ca
is preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace
ss a slow network connection" option updates preference items even when the update is transmitted across a slow network connection, s
rm tracing for items in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the loc
even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can cau
his preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user trace
ms even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connections can
in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a user
ence items even when the update is transmitted across a slow network connection, such as a telephone line. Updates across slow connectio
tems in this preference extension listed under User Configuration, you must provide a path in the "User trace" box to the location where a
ew Application preference items cannot be created.
explicitly permitted list of snap-ins" policy setting.
sers to the explicitly permitted list of snap-ins" policy setting for the Control Panel Settings item, but not for its children. Enabling this policy
ension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the
n. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the expl
xplicitly permitted list of snap-ins" policy setting.
explicitly permitted list of snap-ins" policy setting.
y permitted list of snap-ins" policy setting.
citly permitted list of snap-ins" policy setting.
xtension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to t
citly permitted list of snap-ins" policy setting.
ou permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use
erence extension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict u
extension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to
the explicitly permitted list of snap-ins" policy setting.
xtension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to t
n. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to the expl
ou permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use
icitly permitted list of snap-ins" policy setting.
extension. If you do not configure this policy setting, you permit use of the preference extension unless restricted by the "Restrict users to
permit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of
plicitly permitted list of snap-ins" policy setting.
rmit use of the preference extension unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" or "Permit use of Co
explicitly permitted list of snap-ins" policy setting for the Control Panel Settings item, but not for its children. Enabling this policy setting do
cy setting, you permit use of the Preferences tab.

alog box. Use a semicolon to separate folders. For example, to restrict the commands to only .chm files in the %windir%\help folder and D
er Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from
er Configuration and User Configuration. If both are settings are used, any programs listed in either of these locations cannot launched from
elp Executable. This provides an additional security benefit, but HTLM Help stops if DEP detects system memory abnormalities.

or WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser.
omputer will not contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities. If you disable
etting in Computer Configuration/Administrative Templates/Printers.
etting in Computer Configuration/Administrative Templates/Printers.

e searching Windows Update for device drivers if a driver is not found locally. Note: This policy setting is replaced by "Specify Driver Source
mation" is not displayed at the end of the description. If you disable or do not configure this policy setting, the user can click the hyperlink
ccess, because the content in the "Did you know?" section will remain static indefinitely without an Internet connection.
user has a connection to the Internet and has not disabled the Knowledge Base search from the Search Options page.

n (except the country/region you live in).


n" and "Disable Windows Error Reporting" policy settings under Computer Configuration/Administrative Templates/Windows Components
If you disable or do not configure this policy setting, users can access the Windows Update website and enable automatic updating to rece
still send the search text and information about the search to Microsoft and the chosen search provider. Choosing Classic Search turns off t

ownloaded when the user uses the web publishing or online ordering wizards. See the documentation for the web publishing and online o
ownloaded when the user uses the web publishing or online ordering wizards. See the documentation for the web publishing and online o

information, and the setting is not shown. If you do not configure this policy setting, users have the choice to opt in and allow information
information, and the setting is not shown. If you do not configure this policy setting, users have the choice to opt in and allow information
ment Program. If you disable this policy setting, all users are opted into the Windows Customer Experience Improvement Program. If you d
his policy setting, NCSI runs one of the two active tests.
and applications that require IIS to run."
Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content
cy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Rating
nfigure it, this control will not be designated as administrator-approved.
Settings, and then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom L
g steps: 1. In Group Policy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zo
bject - enables Web authors to add pop-up menus to Web pages To specify how administrator-approved controls are handled for each sec
ck User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings, clic
net Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zo
licy, click User Configuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratin
ecurity Zones Settings, and then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then c
ecurity Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content z
y Zones Settings, and then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click C
or on or off, using the Settings charm.
or on or off, using the Settings charm.
ficates to see if they have been revoked.
ficates to see if they have been revoked.

otected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista. If you do not configure
otected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista. If you do not configure
ersions of Windows. If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This fea
ersions of Windows. If you don't configure this policy setting, users can turn this feature on or off using Internet Explorer settings. This fea
puters running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and t
puters running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and t
you don't configure the policy setting, users can select the Always send Do Not Track header option, in Internet Explorer settings. By selecti
you don't configure the policy setting, users can select the Always send Do Not Track header option, in Internet Explorer settings. By selecti

es not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. If you disable or do not co
es not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list. If you disable or do not co

. If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities
. If you do not configure this policy, Internet Explorer will not check the digital signatures of executable programs or display their identities

not configure this policy, users will be prompted when Web Components such as fonts would be downloaded.
not configure this policy, users will be prompted when Web Components such as fonts would be downloaded.

not configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to
not configure this policy setting, Internet Explorer does not check the Internet for new versions of the browser, so does not prompt users to
sts from Web sites for Profile Assistant information.
sts from Web sites for Profile Assistant information.

indows are closed. If you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder w
indows are closed. If you do not configure this policy, Internet Explorer will not delete the contents of the Temporary Internet Files folder w

xplorer 7, and Internet Explorer 8. By default, inline AutoComplete is turned on for Internet Explorer 9.

t debugging.
hints about how to correct the problem. The user cannot change this policy setting. If you do not configure this policy setting, the user ca

gure this policy setting, the user can turn on or turn off the display of script errors.

ot change the user interface in the Offline Favorites wizard. Note: The begin and end times for downloading are measured in minutes after
oviders use the words Add Active Channel for this option; however, a few use different words, such as Subscribe.
enu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this

eb sites. The "Disable editing schedules for offline pages" policy and the "Hide Favorites menu" policy (located in User Configuration\Admi
existing schedule for downloading Web content for offline viewing. This policy is intended for organizations that are concerned about serve

users can remove the preconfigured settings for pages to be downloaded for offline viewing. This policy is intended for organizations that
intended for organizations that are concerned about server load for downloading content. The "Hide Favorites menu" policy (located in U
wnloading of site subscription content" policy and the "Hide Favorites menu" policy (located in User Configuration\Administrative Template

hanging Temporary Internet files settings" "Disable changing history settings" "Disable changing color settings" "Disable changing link colo
hanging Temporary Internet files settings" "Disable changing history settings" "Disable changing color settings" "Disable changing link colo
main names are always converted to IDN format. If you disable or do not configure this policy setting, the user can control this setting by us
main names are always converted to IDN format. If you disable or do not configure this policy setting, the user can control this setting by us
ettings. The default is to encode all query strings in UTF-8.
ettings. The default is to encode all query strings in UTF-8.

w or prevent the sending of the path portion of URLs as UTF-8.

n specify the cipher strength update information URL.

ttings. For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
ttings. For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
ormation, see "Out-of-date ActiveX control blocking" in the Internet Explorer TechNet library.
tdated ActiveX Controls" in the Internet Explorer TechNet library.
tdated ActiveX Controls" in the Internet Explorer TechNet library.
example, use "file:///C:/Users/contoso/Desktop/index.htm" If you disable or don't configure this policy setting, the list is deleted and Inter
example, use "file:///C:/Users/contoso/Desktop/index.htm" If you disable or don't configure this policy setting, the list is deleted and Inter

the list, enter the following information: Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CL
the list, enter the following information: Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list. The CL
his option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting. If
his option from users - all add-ons are assumed to be denied unless they are specifically allowed through the 'Add-on List' policy setting. If

ser preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is
ser preferences and policy settings are ignored by the specified process. The Value Name is the name of the executable. If a Value Name is
be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'. If you do not configure this policy setting, only VM
be allowed in zones set to 'admin-approved', just as if those zones were set to 'disable'. If you do not configure this policy setting, only VM

ue is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Proc
ue is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Proc
t configure this policy setting, Consistent Mime Handling is prevented for all processes.
t configure this policy setting, Consistent Mime Handling is prevented for all processes.
sable this policy setting, Internet Explorer will not require consistent MIME data for all received files. If you do not configure this policy setti
sable this policy setting, Internet Explorer will not require consistent MIME data for all received files. If you do not configure this policy setti
revented or allowed. If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type in
revented or allowed. If you enable this policy setting and enter a Value of 1, MIME handling is in effect. If you enter a Value of 0 file-type in
the Process List.
the Process List.

Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE process
Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable for IE process
plorer or those defined in a process list. If you disable or do not configure this policy setting, Local Machine zone security is not applied to
plorer or those defined in a process list. If you disable or do not configure this policy setting, Local Machine zone security is not applied to
rnet Explorer. If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Exp
rnet Explorer. If you disable this policy setting, Local Machine zone security is not applied to local files or content processed by Internet Exp
ty does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer proc
ty does not apply. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer proc

his list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, th
his list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, th

e MK protocol will fail.


e MK protocol will fail.
olicy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence o
olicy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence o
no policy is enforced for processes other than File Explorer and Internet Explorer.
no policy is enforced for processes other than File Explorer and Internet Explorer.
hrough restricted protocols is prevented for File Explorer and Internet Explorer processes. If you do not configure this policy setting, the po
hrough restricted protocols is prevented for File Explorer and Internet Explorer processes. If you do not configure this policy setting, the po
ocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ign
ocols is blocked. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ign

xplorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy
xplorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy

Internet Explorer processes. If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explore
Internet Explorer processes. If you do not configure this policy setting, any zone can be protected from zone elevation by Internet Explore
a Value of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Nam
a Value of 1, elevation to more privileged zones can be prevented. If you enter a Value of 0, elevation to any zone is allowed. The Value Nam
sses policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this
sses policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this

s. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do
s. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do

g, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
g, popup windows and other restrictions apply for File Explorer and Internet Explorer processes.
e Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter
e Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco
policy setting for a zone, no protocols are restricted for that zone, regardless of the setting for "Allow active content over restricted protoco

figure this policy setting, users can change the Suggestions setting on the Settings charm.
figure this policy setting, users can change the Suggestions setting on the Settings charm.

out creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do no
out creating this custom administrative template file, see the Internet Explorer documentation on search providers. If you disable or do no

le the Advanced page" policy removes the Advanced tab from the interface.
soft without prompting the user. If you disable or do not configure this policy setting, the user is prompted to decide the mode of operatio
soft without prompting the user. If you disable or do not configure this policy setting, the user is prompted to decide the mode of operatio
rtScreen Filter during the first-run experience.
rtScreen Filter during the first-run experience.

terchange the positions of the menu bar and the navigation bar. If you disable this policy setting, the menu bar is below the navigation ba
nagement" policy settings to prevent the user from configuring pop-up behavior.
nagement" policy settings to prevent the user from configuring pop-up behavior.

ccess and manage favorites, feeds, shortcuts to home page, and more. Full-screen mode disables not only these three bars, but also the sh
ccess and manage favorites, feeds, shortcuts to home page, and more. Full-screen mode disables not only these three bars, but also the sh
ng, the user will be able to use the Import/Export Settings wizard.
ng, the user will be able to use the Import/Export Settings wizard.

disable, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technolo
disable, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technolo

isable or do not configure this policy setting, newly installed add-ons are not automatically activated in the browser. Internet Explorer notifi
isable or do not configure this policy setting, newly installed add-ons are not automatically activated in the browser. Internet Explorer notifi
sable or do not configure this policy setting, users are notified when the average time to load all the user's enabled add-ons exceeds the th
sable or do not configure this policy setting, users are notified when the average time to load all the user's enabled add-ons exceeds the th

lies if the Media Explorer Bar is enabled. If checked, the Media Explorer Bar will automatically display and play the media content when th
ory button on the Settings charm.
ory button on the Settings charm.

nabled by default.
nabled by default.

preserve InPrivate Filtering data when he or she clicks Delete.


preserve InPrivate Filtering data when he or she clicks Delete.
ure is available in the Delete Browsing History dialog box. If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do No
ure is available in the Delete Browsing History dialog box. If you enable this policy setting, ActiveX Filtering, Tracking Protection and Do No

tting is enabled, this policy setting has no effect.


tting is enabled, this policy setting has no effect.
et Explorer may run the First Run wizard the first time the browser is started after installation.
et Explorer may run the First Run wizard the first time the browser is started after installation.

on the Accelerator menu.


on the Accelerator menu.

m must be explicitly enabled through the creation of an integer setting. In this case, each Internet Explorer isolation setting will quickly gro
m must be explicitly enabled through the creation of an integer setting. In this case, each Internet Explorer isolation setting will quickly gro

adding or removing websites to the exception list by enabling "Turn off Managing Pop-up Allow list" policy.
adding or removing websites to the exception list by enabling "Turn off Managing Pop-up Allow list" policy.
ntrol Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from the interface.
er\Internet Control Panel) takes precedence over this policy. If it is enabled, this policy is ignored.
es the Content tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored. Caution
hould be their default. The "Disable the Programs page" policy (located in \User Configuration\Administrative Templates\Windows Compo
n the Programs tab in the Internet Options dialog box. Note that starting with Internet Explorer 10 on Windows 8, the check box is located o
set this policy, because the "Disable the General page" policy removes the General tab from the interface. Note: The default Web page co

nnections page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control
y removes the General tab from the interface. Note: The default font settings colors are ignored in cases in which the Web page author ha

d to save passwords. If you do not configure this setting, the user has the freedom of turning on Auto complete for User name and passwo
icy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing hist
icy setting, a user can set the number of days that Internet Explorer tracks views of pages in the History list. Users can delete browsing hist

orer\Internet Control Panel), you do not need to set this policy, because the "Disable the General page" policy removes the General tab from
se the "Disable the General page" policy removes the General tab from the interface. Note: The default link colors are ignored on Web pag
nts\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in Control Panel, takes precedence o

d, this policy is ignored.

ults in the Address bar. The user cannot change this setting. If you do not configure this policy setting, the user can choose to turn the Use
ults in the Address bar. The user cannot change this setting. If you do not configure this policy setting, the user can choose to turn the Use
L Suggestions in the Internet Options dialog. By default, URL Suggestions are turned on.
L Suggestions in the Internet Options dialog. By default, URL Suggestions are turned on.
ard disk. This policy can be used in coordination with the "File Menu: Disable Open menu option" policy (located in \User Configuration\Ad

), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ig
or security zones established by the administrator. Note: The "Disable the Security page" policy (located in \User Configuration\Administra
s' programs without user intervention.
s). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom ad
s). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom ad
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.

s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO t
a from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO t
Refresh setting can be redirected to another Web page.
Refresh setting can be redirected to another Web page.

ary and script behaviors are available.


ary and script behaviors are available.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
usted publishers is silently downloaded.
usted publishers is silently downloaded.
his policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.
his policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to High Safety.
ou do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the p
ou do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the p
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
mains and access applications from other domains.
mains and access applications from other domains.
her protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If
her protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If
essage when they connect to a Web site that has no certificate or only one certificate.
essage when they connect to a Web site that has no certificate or only one certificate.

control. Users can turn this behavior on or off, using Internet Explorer Security settings.
control. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will execute signed managed components.
ou do not configure this policy setting, Internet Explorer will execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on
eing submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on
onents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
r security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting
r security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting

ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO t
a from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO t

Refresh setting can be redirected to another Web page.


Refresh setting can be redirected to another Web page.

y behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
y behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
usted publishers is silently downloaded.
usted publishers is silently downloaded.

his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
ou do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the p
ou do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the p
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
mains and access applications from other domains.
mains and access applications from other domains.
essage when they connect to a Web site that has no certificate or only one certificate.
essage when they connect to a Web site that has no certificate or only one certificate.

control. Users can turn this behavior on or off, using Internet Explorer Security settings.
control. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on
eing submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th

ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.

s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loade
a from another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loade

Refresh setting can be redirected to another Web page.


Refresh setting can be redirected to another Web page.

ary and script behaviors are available.


ary and script behaviors are available.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
usted publishers is silently downloaded.
usted publishers is silently downloaded.
his policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety.
his policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety.
ou do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the p
ou do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the p
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
mains and access applications from other domains.
mains and access applications from other domains.
her protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If
her protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If
tication" message when they connect to a Web site that has no certificate or only one certificate.
tication" message when they connect to a Web site that has no certificate or only one certificate.

ontrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ontrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will execute signed managed components.
ou do not configure this policy setting, Internet Explorer will execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
onents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
tting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone
tting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone
r security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting
r security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting

ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.

s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loade
a from another site in the zone. If you do not configure this policy setting, users are queried to choose whether to allow a page to be loade

Refresh setting can be redirected to another Web page.


Refresh setting can be redirected to another Web page.

y behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
y behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
usted publishers is silently downloaded.
usted publishers is silently downloaded.

his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
ou do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the p
ou do not configure this policy setting, users are queried to choose whether to run applications and download files from IFRAMEs on the p
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
mains and access applications from other domains.
mains and access applications from other domains.
essage when they connect to a Web site that has no certificate or only one certificate.
essage when they connect to a Web site that has no certificate or only one certificate.

control. Users can turn this behavior on or off, using Internet Explorer Security settings.
control. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th

ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.

s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to ac
a from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to ac
Refresh setting can be redirected to another Web page.
Refresh setting can be redirected to another Web page.

ary and script behaviors are available.


ary and script behaviors are available.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n

his policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety.
his policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Medium Safety.
ou do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user
ou do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
mains and access applications from other domains.
mains and access applications from other domains.
her protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If
her protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If
tication" message when they connect to a Web site that has no certificate or only one certificate.
tication" message when they connect to a Web site that has no certificate or only one certificate.
ontrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ontrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
tting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone
tting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th

ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.

s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to ac
a from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to ac

Refresh setting can be redirected to another Web page.


Refresh setting can be redirected to another Web page.

y behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
y behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n

his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
ou do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user
ou do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
mains and access applications from other domains.
mains and access applications from other domains.
essage when they connect to a Web site that has no certificate or only one certificate.
essage when they connect to a Web site that has no certificate or only one certificate.

ontrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ontrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th

ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO t
a from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO t

Refresh setting cannot be redirected to another Web page.


Refresh setting cannot be redirected to another Web page.

ary and script behaviors are not available unless applications have implemented a custom security manager.
ary and script behaviors are not available unless applications have implemented a custom security manager.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
ou do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in
ou do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
ers cannot open other windows and frames from different domains or access applications from different domains.
ers cannot open other windows and frames from different domains or access applications from different domains.
ontent over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols
ontent over other protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols
essage when they connect to a Web site that has no certificate or only one certificate.
essage when they connect to a Web site that has no certificate or only one certificate.

control. Users can turn this behavior on or off, using Internet Explorer Security settings.
control. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on
eing submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
. If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or dire
. If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or dire
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.

s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO t
a from another site in the zone. If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO t

Refresh setting cannot be redirected to another Web page.


Refresh setting cannot be redirected to another Web page.

ary and script behaviors are not available unless applications have implemented a custom security manager.
ary and script behaviors are not available unless applications have implemented a custom security manager.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
ou do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in
ou do not configure this policy setting, users are prevented from running applications and downloading files from IFRAMEs on the pages in
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
ers cannot open other windows and frames from different domains or access applications from different domains.
ers cannot open other windows and frames from different domains or access applications from different domains.
essage when they connect to a Web site that has no certificate or only one certificate.
essage when they connect to a Web site that has no certificate or only one certificate.

control. Users can turn this behavior on or off, using Internet Explorer Security settings.
control. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on
eing submitted. If you do not configure this policy setting, users are queried to choose whether to allow information using HTML forms on
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
. If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or dire
. If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or dire
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th

L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s
L's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the s

one (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special se
one (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special se

otification bar notification appears for intranet content loaded on a browser on a computer that is not a domain member, until the user tur
otification bar notification appears for intranet content loaded on a browser on a computer that is not a domain member, until the user tur
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.

s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to ac
a from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to ac

Refresh setting can be redirected to another Web page.


Refresh setting can be redirected to another Web page.

ary and script behaviors are available.


ary and script behaviors are available.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
his policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Low Safety.
his policy setting, Java applets cannot run. If you do not configure this policy setting, the permission is set to Low Safety.
ou do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user
ou do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
this policy setting, the MIME Sniffing Safety Feature will not apply in this zone.
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
mains and access applications from other domains.
mains and access applications from other domains.
her protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If
her protocols is unaffected. If you disable this policy setting, all attempts to access such content over the restricted protocols is blocked. If
tication" message when they connect to a Web site that has no certificate or only one certificate.
tication" message when they connect to a Web site that has no certificate or only one certificate.

ontrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ontrol. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will execute signed managed components.
ou do not configure this policy setting, Internet Explorer will execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
onents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
tting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone
tting for the process. If you do not configure this policy setting, Windows Restrictions security will not apply in this zone. The security zone
r security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting
r security feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting

ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec
ugh older media players. If you do not configure this policy setting, video and animation can be played through older media players in spec

information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.
information is sent when he or she is uploading a file via an HTML form. By default, path information is sent.

s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
s are blocked in the Restricted zone, enabled in the Intranet and Local Computer zones, and set to prompt in the Internet and Trusted zone
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne
The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XBAPs inside Interne

gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
gure this policy setting, .NET Framework Setup is turned on by default. The user can change this behavior.
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
er. The user cannot change this behavior. If you do not configure this policy setting, the user can decide whether to load XAML files inside
decide whether to load XPS files inside Internet Explorer.
decide whether to load XPS files inside Internet Explorer.
a from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to ac
a from another site in the zone. If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to ac

Refresh setting can be redirected to another Web page.


Refresh setting can be redirected to another Web page.
y behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.
y behaviors listed in the Admin-approved Behaviors under Binary Behaviors Security Restriction policy are available.

re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n
re (https://) and nonsecure (http://) content. If you disable this policy setting, users cannot receive the security information message and n

his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
his policy setting, Java applets cannot run. If you do not configure this policy setting, Java applets are disabled.
ou do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user
ou do not configure this policy setting, users can run applications and download files from IFRAMEs on the pages in this zone without user
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
nder of the session. Automatic logon with current user name and password to attempt logon using Windows NT Challenge Response (also
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
this policy setting, the actions that may be harmful cannot run; this Internet Explorer security feature will be turned on in this zone, as dict
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
orer 10, if you disable this policy setting or do not configure it, users cannot drag content from one domain to a different domain when the
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
is policy setting or do not configure it, users cannot drag content from one domain to a different domain when the source and destination
mains and access applications from other domains.
mains and access applications from other domains.
essage when they connect to a Web site that has no certificate or only one certificate.
essage when they connect to a Web site that has no certificate or only one certificate.

control. Users can turn this behavior on or off, using Internet Explorer Security settings.
control. Users can turn this behavior on or off, using Internet Explorer Security settings.
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur
ou disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted. If you do not configur

ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
ou do not configure this policy setting, Internet Explorer will not execute signed managed components.
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
pdates by e-mail, software packages from being automatically downloaded to users' computers, and software packages from being automa
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
eing submitted. If you do not configure this policy setting, information using HTML forms on pages in this zone can be submitted automati
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
onents. If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
. If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
tting for the process. If you do not configure this policy setting, the possible harmful actions contained in script-initiated pop-up windows
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th
ecurity feature will be on in this zone as set by Protection from Zone Elevation feature control. If you do not configure this policy setting, th

not prevented from saving Web content by pointing to a link on a Web page, clicking the right mouse button, and then clicking Save Target
disable this policy or do not configure it, users can save all elements on a Web page. The "File menu: Disable Save As... menu option" polic
prevent users from using the shortcut menu to open new browser windows, you should also set the "Disable Open in New Window menu o
the "Disable Open in New Window menu option" policy, which disables this command on the shortcut menu, or the "Turn off Shortcut Me

manage their favorite links that are set up for offline viewing.
command, the link will not open in a new window and they will be informed that the command is not available.

e Print flyout for Internet Explorer will be available, and users will see installed printers under the Devices charm.
e Print flyout for Internet Explorer will be available, and users will see installed printers under the Devices charm.
ing the Internet Options icon in Windows Control Panel. Also, see policies for Internet options in the \Administrative Templates\Windows

Menu" policy, which disables the entire shortcut menu.

olicy setting, images appear. The user cannot turn off image display. If you do not configure this policy setting, the user can turn on or turn
while the images are downloading. The user cannot change this policy setting. If you do not configure this policy setting, the user can allow

ckground colors and images.

oper can add or delete a feed or Web Slice by using the Feed APIs.
oper can add or delete a feed or Web Slice by using the Feed APIs.

etting, current values of the URL action for the application or process on the computer prevail.
etting, current values of the URL action for the application or process on the computer prevail.
rform a Clipboard operation. If you do not configure this policy setting, current values of the URL action for the Internet Explorer process p
rform a Clipboard operation. If you do not configure this policy setting, current values of the URL action for the Internet Explorer process p
nter a value of 0, prompts are not bypassed. Value Name is the name of the executable file. If Value Name is empty or the value is not 0 or
nter a value of 0, prompts are not bypassed. Value Name is the name of the executable file. If Value Name is empty or the value is not 0 or
, the user can specify what action applies to searches on the Address bar.
, the user can specify what action applies to searches on the Address bar.
a top-result website or a search-results webpage in the main window. If you disable or do not configure this policy setting, the user can se
a top-result website or a search-results webpage in the main window. If you disable or do not configure this policy setting, the user can se

can be shown by the application as a user types in a password. The reveal password button is visible by default. On at least Windows 8, if
can be shown by the application as a user types in a password. The reveal password button is visible by default. On at least Windows 8, if
oss domains by using the WebSocket object. By default, the WebSocket object is enabled.
oss domains by using the WebSocket object. By default, the WebSocket object is enabled.

configure this policy setting, the user can decide whether to start Internet Explorer automatically to complete the signup process after the
ttings or user choice. If you disable or do not configure this policy setting, the toolbar upgrade tool checks for incompatible toolbars. The u
ttings or user choice. If you disable or do not configure this policy setting, the toolbar upgrade tool checks for incompatible toolbars. The u

rer toolbars. This policy can be used in coordination with the "Disable customizing browser toolbars" policy, which prevents users from det

show selective text by default, and the user can change this.
show selective text by default, and the user can change this.

prompt appears.
prompt appears.

net Options.
net Options.

ing the Safety button and then clicking InPrivate Filtering.


ing the Safety button and then clicking InPrivate Filtering.

licking the Safety button and then clicking Tracking Protection.


licking the Safety button and then clicking Tracking Protection.

wer content written to common Internet standards may be displayed incorrectly. If you disable this policy setting, Internet Explorer uses a
wer content written to common Internet standards may be displayed incorrectly. If you disable this policy setting, Internet Explorer uses a

al string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards
al string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards

ve. The user can activate the feature by using the Compatibility View Settings dialog box.
ve. The user can activate the feature by using the Compatibility View Settings dialog box.

ers won't be able to run websites in Enterprise Mode.


ers won't be able to run websites in Enterprise Mode.

es\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue t
es\Windows Components\Microsoft Edge\Send all intranet sites to Internet Explorer 11 policy setting, then all intranet sites will continue t

database and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data o
database and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data o
rnet Explorer will allow trusted domains to store additional data in indexed databases, up to the limit set in this group policy. If you disable
rnet Explorer will allow trusted domains to store additional data in indexed databases, up to the limit set in this group policy. If you disable
e limit for all indexed databases. The default is 4 GB.
e limit for all indexed databases. The default is 4 GB.
e and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their c
e and caches on Website Data Settings will be available to users. Users can choose whether or not to allow websites to store data on their c
g, Internet Explorer will allow trusted domains to store additional files in application caches, up to the limit set in this policy setting. If you
g, Internet Explorer will allow trusted domains to store additional files in application caches, up to the limit set in this policy setting. If you
or all application caches. The default is 1 GB.
or all application caches. The default is 1 GB.

of resources, including the page that referenced the manifest, that are less than or equal to the limit set in this policy setting. If you disable
of resources, including the page that referenced the manifest, that are less than or equal to the limit set in this policy setting. If you disable
his policy setting, Internet Explorer will use the default application cache individual resource size for all application caches resources. The d
his policy setting, Internet Explorer will use the default application cache individual resource size for all application caches resources. The d
m the last browsing session. If you do not configure this policy setting, Internet Explorer starts with the home page. Users can change this
m the last browsing session. If you do not configure this policy setting, Internet Explorer starts with the home page. Users can change this

For example: • 2 - Intranet site zone only Binary Representation - 00010 • 0 - Restricted Sites Zone • 0 - Internet Zone • 0 - Trusted Sites
For example: • 2 - Intranet site zone only Binary Representation - 00010 • 0 - Restricted Sites Zone • 0 - Internet Zone • 0 - Trusted Sites
nedrive.com timecard.contoso.com LOBApp.contoso.com
nedrive.com timecard.contoso.com LOBApp.contoso.com
policy Tablet PC users can report handwriting recognition errors to Microsoft.
policy Tablet PC users can report handwriting recognition errors to Microsoft.

about previous logons during user logon" policy setting is enabled. Note: Information about previous logons is provided only if the domai
PN because the name is not found, NTLM authentication might be used. To ensure consistent behavior, this policy setting must be support
laims, compound authentication or armoring. If you configure the "Not supported" option, the domain controller does not support claims
ken buffer size" or the smallest MaxTokenSize used in your environment if you are not configuring using Group Policy. If you disable or do
e or do not configure this policy setting, domain controllers will return service tickets that contain compound authentication any time the c
ed for successful authentication. Kerberos clients which do not support the PKInit Freshness Extension will always fail when using public ke
yntax format. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE key. To edit a mapping
the realm flags and host names of the host KDCs using the appropriate syntax format. To remove an interoperable Kerberos V5 realm Valu
computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation o

ure this policy setting, any service is allowed to accept incoming connections by using this system-generated SPN.
st of proxy servers using the appropriate syntax format. To view the list of mappings, enable the policy setting and then click the Show butt
e revocation check fails.
os Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Ke
ation is never provided for this computer account. Automatic: Compound authentication is provided for this computer account when one o
he Kerberos client or server uses the locally configured value or the default value. Note: This policy setting configures the existing MaxTok
n required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve c
or do not configure this policy setting and the resource domain requests compound authentication, devices will send a non-compounded a
ce: Device will always authenticate using its certificate. If a DC cannot be found which support computer account authentication using certi
ed for this domain Group Policy setting, and then configure local machine policy to enable BranchCache on individual file servers. Because
rieve only V1 hashes. Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings are not
he top. Remove any cipher suites you don't want to use. Note: When configuring this security setting, changes will not take effect until you

e top. Remove any cipher suites you don't want to use. Note: When configuring this security setting, changes will not take effect until you
not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signin
will lead to very long transition times between the online and offline states.
vided by a Windows Server. Microsoft does not recommend enabling this policy for clients that routinely connect to files hosted on a Windo
with the Services snap-in to the Microsoft Management Console. No operating system restart or service restart is required for this policy to
network, you may choose the "Allow operation while in public network" and "Prohibit operation while in private network" options instead.
ork. On the other hand, if a network interface is connected to an unmanaged network, you may choose the "Allow operation while in publ

cy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in
cy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in
n Computer Configuration takes precedence over the policy setting in User Configuration. Note: Customized run-once lists are stored in the
n Computer Configuration takes precedence over the policy setting in User Configuration. Note: Customized run-once lists are stored in the

rver"" screen on Windows 2000 Server. Note: This setting appears in the Computer Configuration and User Configuration folders. If both s
If you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon. Note: This setting ap
If you disable or do not configure this policy setting, the user will have to start the appropriate programs after logon. Note: This setting ap
n and Folder Redirection take two logons to apply changes. To be able to operate safely, these extensions require that no users be logged o

rver"" screen on Windows 2000 Server. Note: This setting appears in the Computer Configuration and User Configuration folders. If both s

nt users will not see the opt-in prompt for services. If you do not configure this policy setting, the user who completes the initial Windows

s setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined settin
s setting, employees won't see the Address bar drop-down functionality in Microsoft Edge. This setting also disables the user-defined settin
ngine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Standards (https://msdn.microsoft.com/
ngine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Standards (https://msdn.microsoft.com/
ame and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Stand
ame and https: URL of the search engine. For more info about creating the OpenSearch XML file, see the Understanding OpenSearch Stand
Microsoft Edge. If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.
Microsoft Edge. If you disable or don't configure this setting, employees will see the favorites they set in the Hub and Favorites Bar.

able or don't configure this setting, your default Start pages are the webpages specified in App settings.
able or don't configure this setting, your default Start pages are the webpages specified in App settings.
users can't change any Start pages configured using the "Configure Start pages" setting. The Start pages will remain locked down.
users can't change any Start pages configured using the "Configure Start pages" setting. The Start pages will remain locked down.
configure this setting (default), employees can add, import and make changes to the Favorites list.
configure this setting (default), employees can add, import and make changes to the Favorites list.
h it’s in whatever version of IE is necessary for it to appear properly. If you disable this setting, the Microsoft Compatibility List isn’t used d
h it’s in whatever version of IE is necessary for it to appear properly. If you disable this setting, the Microsoft Compatibility List isn’t used d
owever, users cannot open a blank MMC console window on the Start menu. (To open the MMC, click Start, click Run, and type mmc.) User
setting if you plan to permit use of most snap-ins. To explicitly prohibit a snap-in, open the Restricted/Permitted snap-ins setting folder and
rmitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit us
rmitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit us
rmitted list of snap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit us
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
d. -- If "Restrict users to the explicitly permitted list of snap-ins" is enabled, users will not have access to the Group Policy tab. To explicitly
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ermines whether this snap-in is permitted or prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is
ot configure this policy setting, Windows presentation settings can be invoked.
ot configure this policy setting, Windows presentation settings can be invoked.

Panel will apply.


ired for this policy setting to take effect. Changes take effect immediately. This policy setting will only take effect when the Diagnostic Polic
u enable this policy setting for local and remote troubleshooting, MSDT always prompts for additional tool downloading. If you disable this
or service restarts are required for this policy setting to take effect. Changes take effect immediately.
ed for headless operation and is the default recovery behavior on Windows server. Troubleshooting Only: Detection and verification of file
ng. If you disable or do not configure this policy setting, by default, only system administrators can browse during installations with elevate
ia only when the installation runs in the user's security context. During privileged installations, such as those offered on the desktop or disp
Remove Programs. This policy setting does not affect installations that run in the user's security context. By default, users can install patch
or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administra
or do not configure this policy setting, the system applies the current user's permissions when it installs programs that a system administra
in use behavior is used. -- The "Restart Manager Off for Legacy App Setup" option applies to packages that were created for Windows Insta
ity context. But only system administrators can browse when an installation is running with elevated system privileges, such as installations

behavior when specified via the MsiLogging policy. Log files can still be generated using the logging command line switch or the Logging po
elevated system privileges, such as installations offered on the desktop or in Add or Remove Programs. Also, see the "Enable user to use m
ed applications only" option permits users to install only those programs that a system administrator assigns (offers on the desktop) or pub
vated system privileges, such as those offered on the desktop or in Add or Remove Programs. Also, see the "Enable user to patch elevated
vents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system fi
vents malicious users from interrupting an installation to gather data about the internal state of the computer or to search secure system fi
ermitted the user to change a protected option, it stops the installation and displays a message. These security features operate only when

ate from the computer only if the user has been granted privileges to remove the update. This can depend on whether the user is an admi
t was in before installing the application.
his causes a per-computer installed application to be visible to users, even if those users have a per-user install of the product registered in
new feature must be added as a new leaf feature to an existing feature tree. If you disable or do not configure this policy setting, the Wind
es will remain on disk and will be deleted when the product is removed. If you set the baseline cache to 100, the Windows Installer will use
ented by the letters "iweap."
pplied cautiously.
resenting that source type.
his policy setting is designed for enterprises to prevent unauthorized or malicious editing of transform files. If you disable this policy settin

ccess server by specifying IPv6 addresses rather than names. The ability to disconnect allows users to specify single-label, unqualified nam

-A Uniform Resource Locator (URL) that NCA queries with a Hypertext Transfer Protocol (HTTP) request. The contents of the web page do n
he IPv6 address of an IPsec tunnel endpoint. Example: PING:2002:836b:1::836b:1. You must configure this setting to have complete NCA f
will not attempt to verify any passwords with the PDC emulator. If you do not configure this policy setting, it is not applied to any DCs.
used. Warning: If the value for this setting is too large, a client will not attempt to find any DCs that were initially unavailable. If the value s
. If the value for this setting is smaller than the value specified for the Initial DC Discovery Retry Setting, the Initial DC Discovery Retry Setti
um value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0. Warning: If the value for this settin

urs as described above.

ttempt to find DCs even when none are available.


on share will grant shared read access to files on the share when exclusive access is requested. Note: The Netlogon share is a share created
mum value for this setting is to always refresh (0).
frequent automatic discovery of DCs in a trusted domain. To enable the setting, click Enabled, and then specify the interval in seconds.

rant shared read access to files on the share when exclusive access is requested. Note: The SYSVOL share is a share created by the Net Logo
tion. If you disable this policy setting, computers to which this setting is applied will use the AllowDnsSuffixSearch policy, if it is not disable
nsDomain policy is not enabled, computers to which this policy is applied, will locate a domain controller hosting an Active Directory doma
ll not register site-specific DC Locator DNS SRV records for any other sites but their own. If you do not configure this policy setting, it is not
> Gc SRV _ldap._tcp.gc._msdcs.<DnsForestName> GcAtSite SRV _ldap._tcp.<SiteName>._sites.gc._msdcs.<DnsForestName>
to instruct the DNS servers configured to automatically remove (scavenge) stale records that these records are current and should be pres

strators to configure Active Directory access and replication. A GC is a domain controller that contains a partial replica of every domain in A
to 65535. If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
rd. To specify the Weight in the DC Locator DNS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 65535.
nd they are used to locate the application directory partition-specific DC. An Active Directory site is one or more well-connected TCP/IP sub
ctory access and replication. To specify the sites covered by the DC Locator DNS SRV records, click Enabled, and then enter the sites names

ed by the total site-link cost between them. A site is closer if it has a lower site link cost than another site with a higher site link cost. If you
es in network conditions DC Locator will by default carry out a Force Rediscovery according to a specific time interval and maintain efficient
be used to disable the default behavior and enforce to return only IPv4 DC address. Once applications are fixed, this policy can be used to
Logon will allow the negotiation and use of older cryptography algorithms compatible with Windows NT 4.0. However, using the older algo
enever DC location based on a NetBIOS domain name is not required. This policy setting does not affect DC location based on DNS names.
ords (as recommended). For these reasons, NetBIOS-based discovery is not recommended. Note that this policy setting does not affect Net
m an exhaustive address lookup to discover additional client IP addresses. 2 - DCs will perform a fast, DNS-only address lookup to discover
hould disable this setting once all DCs are running the same OS version. The allowable values for this setting result in the following behavio
dows 2000 computers. If you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in
tors on post-Windows 2000 computers. If you disable this setting or do not configure it, the Advanced Settings item is enabled for administ
mputers. If you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box. Note:
disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this se
dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box en
users (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connectio
do not configure it, all users can delete their private remote access connections. Private connections are those that are available only to on
post-Windows 2000 computers. If you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all user
y to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connectio
ed as an error to the user. If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned a
nections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 com
ections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 compu
ost-Windows 2000 computers. If you disable this setting or do not configure it, a Properties menu item appears when users right-click the
not configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking th
l is a stateful packet filter for home and small office users to protect them from Internet network security threats. If you enable this setting
Properties appears on the File menu. If you disable this setting (and enable the "Enable Network Connections settings for Administrators"
2000 computers. If you disable this setting or do not configure it, the Properties button is enabled for all users. The Networking tab of the
ections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the
nu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private c
me all-user remote access connections. Note: This setting does not apply to Administrators Note: When the "Ability to rename LAN conne
ured, this setting will not apply to administrators on post-Windows 2000 computers. If this setting is not configured, only Administrators an
able to all users" setting is configured (set to either enabled or disabled), this setting does not apply.
ws 2000 computers. If you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access con
ernet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. If you disable this setti
ose to show the connection icon in the taskbar from the Connection Properties dialog box. Important: If the "Enable Network Connections

icy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network. If y
his policy configuration the sole list of allowed proxies, enable the "Proxy definitions are authoritative" setting. If you disable or do not con
022::1000]; 18.0.0.1; 18.0.0.2 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043
very. To ensure that these addresses are the only addresses ever classified as private, enable the "Subnet definitions are authoritative" pol

e information see: http://go.microsoft.com/fwlink/p/?LinkId=234043


roxy servers for apps policy. Example: [cloudresource]|[cloudresource]|[cloudresource],[proxy]|[cloudresource]|[cloudresource],[proxy]|

ers to be made available offline when they make a parent folder available offline.
eted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for o
eted and no files or folders are made available for offline use by Group Policy (though users can still specify their own files and folders for o
ed for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer a
ed for a particular server, the setting in Computer Configuration takes precedence over the setting in User Configuration. Both Computer a
utomatic-cache disk space limit. If you disable this setting, the system limits the space that automatically cached files occupy to 10 percen
mputer is restarted.
are unencrypted. This includes existing files as well as files added later, even if the files were stored using NTFS encryption or BitLocker Dri
" also records an event when the server hosting the offline file is disconnected from the network. "2" also records events when the local c
" also records an event when the server hosting the offline file is disconnected from the network. "2" also records events when the local c
o use this setting, type the file name extension in the "Extensions" box. To type more than one extension, separate the extensions with a se
f you disable this setting or select the "Work offline" option, users can work offline if disconnected. If you do not configure this setting, us
f you disable this setting or select the "Work offline" option, users can work offline if disconnected. If you do not configure this setting, us
ation folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration
ation folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration
are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: This setting provides a q
are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: This setting provides a q
figuration takes precedence. The "Make Available Offline" command is called "Always available offline" on computers running Windows Se
figuration takes precedence. The "Make Available Offline" command is called "Always available offline" on computers running Windows Se
mmand is displayed for all files and folders. If you do not configure this policy setting, the "Make Available Offline" command is available fo
mmand is displayed for all files and folders. If you do not configure this policy setting, the "Make Available Offline" command is available fo
e offline files, but users can change the setting. To prevent users from changing the setting while a setting is in effect, the system disables t
e offline files, but users can change the setting. To prevent users from changing the setting while a setting is in effect, the system disables t

are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To set reminder balloo
are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To set reminder balloo
User Configuration.
User Configuration.

onnection is considered to be slow. Note: Use the following formula when entering the slow link value: [ bps / 100]. For example, if you wa
ms a quick synchronization by default, but users can change this option. This setting appears in the Computer Configuration and User Confi
ms a quick synchronization by default, but users can change this option. This setting appears in the Computer Configuration and User Confi
ick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current. If you do not configu
ick synchronization. Quick synchronization ensures that files are complete but does not ensure that they are current. If you do not configu
If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.
If multiple users are logged on to the computer at the time the computer is suspended, a synchronization is not performed.

or if the round-trip network latency is above (slower than) the Latency threshold parameter. You can configure the slow-link mode by spe
and also specify how much of that disk space can be used by automatically cached files. If you disable this policy setting, the system limits
the 'Maximum Allowed Time Without A Sync' value to ensure that all network folders on the machine are synchronized with the server on
icy setting is triggered by the configured round trip network latency value. We recommend using this policy setting when the network con

"Configure slow-link mode" policy to avoid network usage.

uch as ad hoc networking scenarios). If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet. If this setti
computer has a site-local address. If you enable this policy setting, PNRP does not create a cloud, and applications cannot use this cloud to
uters perform PNRP lookups.
your corporation. 1. In order to use the global, well known seed server on the Internet only; enable the setting, leave the seed server list e
(such as ad hoc networking scenarios). If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet. If this se
computer has a site-local address. If you enable this policy setting, PNRP does not create a cloud, and applications cannot use this cloud to
uters perform PNRP lookups.
otocol will revert to using a public registry key to determine the seed server to bootstrap from.
(such as ad hoc networking scenarios). If you disable this setting, PNRP will use multicast for bootstrapping on the same subnet. If this se
computer has a site-local address. If you enable this policy setting, PNRP does not create a cloud, and applications cannot use this cloud to
uters perform PNRP lookups.
nfigured, the protocol will revert to using a public registry key to determine the seed server to bootstrap from.
u disable or do not configure this policy setting, Windows does not create or store the PIN recovery secret. If the user forgets their PIN, the
or desktop authentication.
be used for both the maximum and minimum PIN lengths.
d for both the maximum and minimum PIN lengths.

ndows Hello for Business authentication from failing.


ndows Hello for Business authentication from failing.
linkid=849684

o provide smart card emulation. To change an existing credential, enable this policy setting and select "I forgot my PIN" from Settings.
on a single device. The user owns both credentials, which enables them to sign-in using non-privileged credentials, but can performed elev
e PCA is configured to detect failures during application installation, failures during application runtime, and drivers blocked due to compati

omputers are domain members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for thi
ers but you do not want to configure a BranchCache client computer cache setting on all client computers, you can specify Not Configured
. Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings are not applied to client com
to client computers by this policy. In the circumstance where client computers are domain members but you do not want to enable Branch
han the value, clients begin caching content after they receive it from the file servers. Policy configuration Select one of the following: - No
BranchCache" policy setting, BranchCache clients attempt to discover hosted cache servers in the local branch office. If client computers d
atches their operating system. Policy configuration Select one of the following: - Not Configured. With this selection, this policy setting is
of hosted cache servers, hosted cache mode is enabled for all client computers to which the policy setting is applied. For this policy setting
he age setting on all client computers, you can specify Not Configured for this domain Group Policy setting, and then configure local compu

n is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Boot Performanc
ate to the user that assisted resolution is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or re
sisted resolution is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows Sy
ssisted resolution is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Windows S
n a powered state, ready for power to be safely removed. If you disable or do not configure this policy setting, the computer system safely

p transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.
p transition from occuring. The "Prevent enabling lock screen slide show" policy setting can be used to disable the slide show feature.

his policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Co
his policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Co
setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a
setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a
s PowerShell session. If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although trans
s PowerShell session. If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although trans
Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Con
Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Con
n the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
n the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
estore button is active when the previous version is of a local file and stored on the backup.
estore button is active when the previous version is of a local file and stored on the backup.

is of a local file.
is of a local file.

the previous version is of a file on a file share.


the previous version is of a file on a file share.

ternet. Also, see the "Custom support URL in the Printers folder's left pane" setting in this folder and the "Browse a common Web site to fi
will be isolated. If you disable this policy setting, then print drivers will be loaded within all associated application processes. Notes: -This
as no effect. (To enable Web view, open the Printers folder, and, on the Tools menu, click Folder Options, click the General tab, and then clic
nters on your network, ensure that network discovery is turned on. To turn on network discovery, click "Start", click "Control Panel", and th
ter from the shown list. If you disable this setting, the network printer browse page is removed from within the Add Printer Wizard, and us
he print server, and the server will simply pass the commands to the printer. This increases the workload of the client while decreasing the

or users to find the printers you want them to add. Also, see the "Custom support URL in the Printers folder's left pane" and "Activate Inte
ernel-mode driver will not be allowed. Note: By applying this policy, existing kernel-mode drivers will be disabled upon installation of servi
ning other programs to add printers. This setting does not delete printers that users have already added. However, if users have not added

er of printers to display to 0. In Windows 10 and later, only TCP/IP printers can be shown in the wizard. If you enable this policy setting, onl

ns to a specific print server. If this setting is enabled, users will only be able to package point and print to print servers approved by the net

ns to a specific print server. If this setting is enabled, users will only be able to package point and print to print servers approved by the net
n (and other search criteria) to find a printer nearby. You can also use this setting to direct users to a particular printer or group of printers t
dd Printer wizard's Printer Name and Sharing Location screen and to the General tab in the Printer Properties dialog box. If you enable the
arnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated
arnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated

me a client computer announces a printer to a print browse master on the domain.


only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. -This policy setting takes effect witho
setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. -This policy setting ta
nd the behavior depends on the version of Windows that you are using. By default, Windows Ultimate, Professional and Home SKUs will co
rejoin the network. However, because non-Windows 2000 computers and computers in other domains cannot republish printers in Active
between contact attempts. If you do not configure or disable this setting the default values will be used. Note: This setting is used only on
main controllers.
allows two retries before deleting printers from Active Directory. You can use this setting to change the number of retries. If you enable th
en retries; the default value is every eight hours. If the computer has not responded by the last contact attempt, its printers are pruned fro

's printers. This setting is designed to prevent printers from being pruned when the computer is temporarily disconnected from the networ
s. When enabled, this setting takes precedence over the other settings in this folder. This setting does not prevent users from using other

program access or defaults. This setting does not prevent the Default Programs icon from appearing on the Start menu.
is enabled, this setting is ignored.
commend their use, or to enable users to install them without having to search for installation files. If this setting is enabled, users cannot

d when configuring that network adapter.


pter, this setting is ignored when configuring that network adapter.
tting is ignored when configuring that network adapter.
dapter, this setting is ignored when configuring that network adapter.
ored when configuring that network adapter.
s ignored when configuring that network adapter.
ter, this setting is ignored when configuring that network adapter.
tting is ignored when configuring that network adapter.
apter, this setting is ignored when configuring that network adapter.
g is ignored when configuring that network adapter.
ackets is specified in the registry for a particular network adapter, this setting is ignored when configuring that network adapter.
etwork adapter in the registry, this setting is ignored when configuring that network adapter.

sted providers.
hat assisted resolution is available. If you disable this policy setting, Windows will not be able to detect, troubleshoot or resolve any Wind
efault setting. If you disable this policy setting, the items "Use a system image you created earlier to recover your computer" and "Reinstal
ch is every 60 seconds beginning with Windows Server 2003. Note: This feature might interfere with power configuration settings that tur

ndows Server 2003. See "Supported on" for all supported versions.
versions.) If you enable this policy setting and choose "Workstation Only" from the drop-down menu list, the Shutdown Event Tracker is di
t to this computer. If you do not configure this policy setting, users can configure the setting in System Properties in the Control Panel.
on occurs at the level specified. If you disable this policy setting, application-based settings are used. If you do not configure this policy setti
ure this policy setting, the user sees the default warning message.
turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote
setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to

contain authentication information. Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Map
tatus code to indicate an error condition. If you enable this policy setting, the RPC runtime will generate extended error information. You
n. If you disable this policy setting, the RPC Runtime will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation an
003 family/Windows XP SP1 or higher versions. If either the RPC Client or the RPC Server or the RPC HTTP Proxy run on an older version of
None" on Windows Server versions that support this policy setting. If you do not configure this policy setting, it remains disabled. The RPC
tate information. Note: Because the basic state information required for troubleshooting has a negligible effect on performance and uses o
ng they take, type 0. This interval is particularly important when other system tasks must wait while the scripts complete. By default, each s
r. Also, see the "Run Logon Scripts Visible" setting.
on folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.
on folders. The policy setting set in Computer Configuration takes precedence over the policy setting set in User Configuration.

mputer startup scripts: GPO B: B.cmd, B.ps1 GPO C: C.cmd, C.ps1 Assume also that there are two computers, DesktopIT and DesktopSales.
C: C.cmd, C.ps1 Assume also that there are two users, Qin Hong and Tamara Johnston. For Qin, GPOs A, B, and C are applied. Therefore, th
C: C.cmd, C.ps1 Assume also that there are two users, Qin Hong and Tamara Johnston. For Qin, GPOs A, B, and C are applied. Therefore, th

le on startup, whether the ""Run startup scripts visible"" policy setting is enabled or not.
re no longer visible on startup, whether this policy setting is enabled or not.

nterface. If you disable this policy setting, users can only access and search troubleshooting content that is available locally on their compu
ou do not configure this policy setting, local troubleshooting preferences will take precedence, as configured in the control panel. If no loca

dex is rebuilt completely. Full volume encryption (such as BitLocker Drive Encryption or a non-Microsoft solution) must be used for the loca

on the web over metered connections, and if the web results are displayed in Search. Note: If you enable the "Don't search the web or dis
you disable or don't configure this policy setting, users can choose what information is shared in Search.

any indexing of online delegate mailboxes. Online delegate mailboxes are managed separately from online mailboxes. The "Enable Indexin
he speed of 120 items per minute. This policy has no effect on mail items when using Microsoft Office Outlook in cached mode.

ing, where XXXX is the locale ID of your WSS Service. For example, the English locale ID is 1033. http://sitename/_layouts/XXXX/searchres
me/Search.aspx?k=$w If your intranet search service is Windows SharePoint Services (WSS), the query should resemble the following, whe

cked desktop environment, this setting is redundant because non-administrative users do not have permission to install new components.
d then disable this policy setting, users can index any path not restricted by other policies, but their original list of paths to index is not rest

dministration guide for information about how to set up the initial machine preference.

at are joined to a Windows domain. When a computer is not joined to a Windows domain, the policy setting will have no effect. If you do

ected, the console is not displayed automatically at logon. Note: Regardless of the status of this policy setting, Server Manager is available
rs/days]” setting (in Windows Server 2012) that is configured in the Server Manager console. If you disable this policy setting, Server Mana
his window at logon" option, the window is not displayed on subsequent logons.

er a folder, or a WIM file. If it is a WIM file, the location should be specified by prefixing the path with “wim:” and include the index of the i

disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with M
disable this policy, Tablet PC user writing samples from the handwriting recognition personalization tool will automatically be shared with M

r user profile after an administrator has opted in the computer.

m from starting programs in the command window even though they would be prevented from doing so using File Explorer. Note: Non-Mic
rom starting programs in the command window even though they would be prevented from doing so using File Explorer. Note: Non-Micros
e the configuration and the last configured setting will remain in effect.

y setting, only certificates that contain the smart card logon object identifier can be used to log on with a smart card.

smart card and this policy is enabled then the certificate that is used for logon on Windows 2000, Windows XP, and Windows 2003 Server
dless of the feature set of the CSP. If you disable or do not configure this setting, Windows will only attempt to read the default certificate

e expired or not yet valid will not be listed on the logon screen.

ed per organization. If you enable this policy setting or do not configure this setting, then the subject name will be reversed. If you disable

must also have an associated ECDH key to permit logons when you are not connected to the network.
an be controlled by the following options: • Warn and prevent bypass • Warn If you enable this policy with the "Warn and prevent bypas

P agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed f
configure using this setting. If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured o
nds trap messages to the hosts within the "public" community. If you disable or do not configure this policy setting, the SNMP service take

Global Resource Property List in AD DS provides the default set of properties.


ess of the file server configuration. If you do not configure this policy setting, users see a standard Access Denied message unless the file s
tem saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent folder. Also, see the "Remove Recent Items
ffect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del. Note: To add or remove the Log Off it

tracking and personalized menus and ignores this setting. Tip: To Turn off personalized menus without specifying a setting, click Start, click
te: Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is lo
in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box.
not configure it, the user can choose if they want notifications collapsed.

t new notifications.

ed path and name of the XML file. You can type a local path, such as C:\StartLayouts\myLayout.xml or a UNC path, such as \\Server\Share\L
ed path and name of the XML file. You can type a local path, such as C:\StartLayouts\myLayout.xml or a UNC path, such as \\Server\Share\L
nd the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security s
setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button

nder Advanced Start menu options. Note:The items that appear in the Favorites menu when you install Windows are preconfigured by the
s toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you righ

pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning pr
u" in Settings, so users cannot turn it to On. Select this option for compatibility with earlier versions of Windows. If you disable or do not c
see the "Disable programs on Settings menu" and "Disable Control Panel" policy settings and the policy settings in the Network Connection

ou disable or do not configure this setting, the system will store and display shortcuts to recently and frequently used files, folders, and we
ppear in the Recent Items menu. When the setting is disabled, the Recent Items menu appears in the Start Menu, and users cannot remov
he target drive in an attempt to find the file. Note: This policy setting only applies to target files on NTFS partitions. FAT partitions do not h
e search of the target drive in an attempt to find the file. Note: This policy setting only applies to target files on NTFS partitions. FAT partiti
Windows logo) + R. If you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in T
folders from Settings are available on the Start menu, and from Computer and File Explorer. Also, see the "Disable Control Panel," "Disable

policy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel.

appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in th
e desktop icons are now on the Start page. If you do not configure this setting, the default is the new style, and the user can change the vi

k. If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolb

setting, because if the notification area is hidden, there is no need to clean up the icons.

y fixes, and Microsoft updates that users need and shows the newest versions available for download. If you disable or do not configure th

urity dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off. Tip: To add o

gh System Protection. Also, see the "Turn off System Restore" policy setting. If the "Turn off System Restore" policy setting is enabled, the "
em Restore settings through System Protection. Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System
will not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, application auto complete
will not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, application auto complete
policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in In
policy, Input Panel tab will appear on the edge of the Tablet PC screen. Users will be able to configure this setting on the Opening tab in In
xt to any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Op
xt to any text entry area in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Op
eas in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box. If y
eas in applications where this behavior is available. Users will not be able to configure this setting in the Input Panel Options dialog box. If y
w.” At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dia
w.” At this setting, all password security settings are turned off. Users will not be able to configure this setting in the Input Panel Options dia
arely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users w
arely used Chinese, Kanji, and Hanja characters will be included in recognition results when handwriting is converted to typed text. Users w
e to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose “Tolerant," users will be able to use th
e to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose “Tolerant," users will be able to use th
ialog box. If you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in th
ialog box. If you disable this policy, Input Panel will provide text prediction suggestions. Users will not be able to configure this setting in th
ures described above will be available.
ures described above will be available.

rticularly over slow network connections. If you disable or do not configure this policy setting, all files that the user opens appear in the m

to take effect.

annot show an additional calendar, regardless of the locale. If you do not configure this policy setting, the calendar will be set according to
a task runs. Important: This setting does not prevent users from creating a new task by pasting or dragging any program into the Schedule
a task runs. Important: This setting does not prevent users from creating a new task by pasting or dragging any program into the Schedule
erested or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setti
erested or confused by having the property sheet displayed automatically. Note that the checkbox is not checked by default even if this setti
uter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence o
uter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence o
User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in Use
User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in Use
tasks from remote computers.
tasks from remote computers.
g At.exe to delete tasks.
g At.exe to delete tasks.
or each prefix received from the ISATAP router through stateless address auto-configuration. If the ISATAP router name is not resolved succe

y link-local IPv6 connectivity and a public IPv4 address. If no global IPv6 address is present and no global IPv4 address is present, the host w

f the host is on a network that includes a domain controller.

disable or do not configure this policy setting, the refresh rate is configured using the local settings on the computer. The default refresh ra

HTTPS interfaces are present on the host.


ntify connectivity and throughput problems casued by Firewalls or other middle boxes.

nly when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later.
ction is not specified at the Group Policy level.
g on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Wi
am can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specifie
tarted when a user starts a Remote Desktop Services session. If you enable this policy setting, remote users can start any program on the R
ed for remote desktop sessions. On the client computer, you can configure desktop composition on the Experience tab in Remote Desktop
ho do not have an existing session log on to the first RD Session Host server to which they connect. If you do not configure this policy settin

moteApp session will be logged off from the RD Session Host server. If the user starts a RemoteApp program before the time limit is reache
moteApp session will be logged off from the RD Session Host server. If the user starts a RemoteApp program before the time limit is reache
in Remote Desktop Connection (RDC) or by using the "allow font smoothing" setting in a Remote Desktop Protocol (.rdp) file. If you enab

s in the order in which they are received.

High. The following encryption methods are available: * High: The High setting encrypts data sent from the client to the server and from th
ey are prompted for a password to log on. If you disable this policy setting, users can always log on to Remote Desktop Services automatic
D Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the
emote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Net
lected. Automatic certificate selection only occurs when a specific certificate has not been selected. If no certificate can be found that was
method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication m
ride this setting, even if they select the "Use these RD Gateway server settings" option on the client. Note: To enforce this policy setting, yo
method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used. To allow users to overwri
s can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop
t color depth supported by the client will be used. If you disable or do not configure this policy setting, the color depth for connections is n
ecified at the Group Policy level.
te Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote ta
d by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in th
n a Remote Desktop Services session. If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depen
ion 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from
might still be active. If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in
main Services. 2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host serve
If you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as
esktop license server. If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level.
n allows two Remote Desktop Services sessions. To use this setting, enter the number of connections you want to specify as the maximum
box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also do

are registered in the background.


or to watch the session of a remote user with the user's consent. 5. View Session without user's permission: Allows the administrator to w
or to watch the session of a remote user with the user's consent. 5. View Session without user's permission: Allows the administrator to w

ion is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executa
ion is automatically logged off. To use this setting, in Program path and file name, type the fully qualified path and file name of the executa
d/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. Note: The preferred method of m
cy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an ini
Path" (without quotes), without environment variables or ellipses. Do not specify a placeholder for user alias, because Remote Desktop Se
olders named for the account name of each user. To configure this policy setting, type the path to the network share in the form of \\Comp
For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" p
e of the entire roaming user profile cache is checked. When the size of the entire roaming user profile cache exceeds the maximum size tha
a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty. If you disable or
unning Windows Server 2003. By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license
efault, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Ser
ill be sent with a level of compression that is determined by the bandwidth of the remote connection. The audio playback quality that you
unning at least Windows 7, or Windows Server 2008 R2. If you enable this policy setting, audio recording redirection is allowed. If you disa
ction is not specified at the Group Policy level.
olicy setting, COM port redirection is not specified at the Group Policy level.
f you do not configure this policy setting, the default printer is not specified at the Group Policy level.
If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Sessio
If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Sessio
nd Windows XP. If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is alw
at the Group Policy level.
able this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you do not configure this po
his policy setting, client printer mapping is not specified at the Group Policy level.
"Do nothing if one is not found" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, th

connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 and later.
wed for RPC clients that do not respond to the request. If the status is set to Not Configured, unsecured communication is allowed. Note: T
ection Broker server name policy setting. If you disable this policy setting, the server does not join a farm in RD Connection Broker, and us
etting, you must specify the name of a farm in RD Connection Broker. If you disable or do not configure this policy setting, the farm name i
t be able to connect directly by IP address to RD Session Host servers in the farm. If you disable this policy setting, the IP address of the RD
provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. If you disable or do not configure this policy setti
Desktop Services sessions policy settings. If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-
Desktop Services sessions policy settings. If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-
his policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior th
his policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior th
pply. If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Deskt
pply. If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Deskt
ot configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sess
ot configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sess
do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless spe
temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote
the user receives a message that the publisher has been blocked.
the user receives a message that the publisher has been blocked.
at are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When
files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client
publisher. Notes: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure
publisher. Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure
d on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box o
Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session H
ults in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. If yo
network condition."
s available that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory us
applications published as RemoteApp programs do not support these advanced graphics.
emoteFX vGPU virtual machines” be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be se

ote Desktop Services sessions are optimized for rich multimedia.

ware-accelerated compression scheme. If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN
the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. By default, Re
is policy setting, non-Windows thin clients that only support the Windows Server 2008 R2 SP1 RemoteFX Codec will not be able to connect
n URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default conn
ork quality. If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the ne
optimal protocols for delivering the best user experience.

ote Desktop Services sessions use the hardware graphics renderer by default. NOTE: The policy setting affects only the default graphics pro

ws will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentic
olicy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked
Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the G
ed TPM commands. If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in
user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older
ach time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Author
ailure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occ
pact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this
t interfere with their workflows.

lates unchecked, the UE-V Agent will use the default Microsoft templates installed by the UE-V Agent and custom templates in the settings
uded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting should not be disabled. I
uded from settings synchronization. If any version of the Internet Explorer settings are enabled this policy setting should not be disabled. I

, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings
, the user settings which are common between the Microsoft Office Suite 2016 applications are excluded from the synchronization settings

g, any defined values will be deleted.


g, any defined values will be deleted.
mmon between the Microsoft Office Suite 2016 applications will not be backed up. If you do not configure this policy setting, any defined v
mmon between the Microsoft Office Suite 2016 applications will not be backed up. If you do not configure this policy setting, any defined v

ith UE-V. If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue
ith UE-V. If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2016 applications continue
UE-V. If you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V. If you
UE-V. If you disable this policy setting, Microsoft Office 365 Access 2016 user settings are excluded from synchronization with UE-V. If you
If you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V. If you do not
If you disable this policy setting, Microsoft Office 365 Excel 2016 user settings are excluded from synchronization with UE-V. If you do not
you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V. If you do not con
you disable this policy setting, Microsoft Office 365 Lync 2016 user settings are excluded from synchronization with UE-V. If you do not con
sync with UE-V. If you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with
sync with UE-V. If you disable this policy setting, Microsoft Office 365 OneNote 2016 user settings are excluded from synchronization with
c with UE-V. If you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V
c with UE-V. If you disable this policy setting, Microsoft Office 365 Outlook 2016 user settings are excluded from synchronization with UE-V
ntinue to sync with UE-V. If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchron
ntinue to sync with UE-V. If you disable this policy setting, Microsoft Office 365 PowerPoint 2016 user settings are excluded from synchron
h UE-V. If you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V. If y
h UE-V. If you disable this policy setting, Microsoft Office 365 Project 2016 user settings are excluded from synchronization with UE-V. If y
o sync with UE-V. If you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization wit
o sync with UE-V. If you disable this policy setting, Microsoft Office 365 Publisher 2016 user settings are excluded from synchronization wit
f you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V. If you do not co
f you disable this policy setting, Microsoft Office 365 Visio 2016 user settings are excluded from synchronization with UE-V. If you do not co
V. If you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V. If you do no
V. If you disable this policy setting, Microsoft Office 365 Word 2016 user settings are excluded from synchronization with UE-V. If you do no
, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings
, the user settings which are common between the Microsoft Office Suite 2013 applications are excluded from the synchronization settings

g, any defined values will be deleted.


g, any defined values will be deleted.

ny defined values will be deleted.


ny defined values will be deleted.

mmon between the Microsoft Office Suite 2013 applications will not be backed up. If you do not configure this policy setting, any defined v
mmon between the Microsoft Office Suite 2013 applications will not be backed up. If you do not configure this policy setting, any defined v
lues will be deleted.
lues will be deleted.

ith UE-V. If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue
ith UE-V. If you enable this policy setting, user settings which are common between the Microsoft Office Suite 2013 applications continue
UE-V. If you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V. If you
UE-V. If you disable this policy setting, Microsoft Office 365 Access 2013 user settings are excluded from synchronization with UE-V. If you
If you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V. If you do not
If you disable this policy setting, Microsoft Office 365 Excel 2013 user settings are excluded from synchronization with UE-V. If you do not
nc with UE-V. If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-
nc with UE-V. If you disable this policy setting, Microsoft Office 365 InfoPath 2013 user settings are excluded from synchronization with UE-
you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V. If you do not con
you disable this policy setting, Microsoft Office 365 Lync 2013 user settings are excluded from synchronization with UE-V. If you do not con
sync with UE-V. If you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with
sync with UE-V. If you disable this policy setting, Microsoft Office 365 OneNote 2013 user settings are excluded from synchronization with
c with UE-V. If you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V
c with UE-V. If you disable this policy setting, Microsoft Office 365 Outlook 2013 user settings are excluded from synchronization with UE-V
ntinue to sync with UE-V. If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchron
ntinue to sync with UE-V. If you disable this policy setting, Microsoft Office 365 PowerPoint 2013 user settings are excluded from synchron
h UE-V. If you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V. If y
h UE-V. If you disable this policy setting, Microsoft Office 365 Project 2013 user settings are excluded from synchronization with UE-V. If y
o sync with UE-V. If you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization wit
o sync with UE-V. If you disable this policy setting, Microsoft Office 365 Publisher 2013 user settings are excluded from synchronization wit
oint Designer 2013 user settings continue to sync with UE-V. If you disable this policy setting, Microsoft Office 365 SharePoint Designer 20
oint Designer 2013 user settings continue to sync with UE-V. If you disable this policy setting, Microsoft Office 365 SharePoint Designer 20
f you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V. If you do not co
f you disable this policy setting, Microsoft Office 365 Visio 2013 user settings are excluded from synchronization with UE-V. If you do not co
V. If you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V. If you do no
V. If you disable this policy setting, Microsoft Office 365 Word 2013 user settings are excluded from synchronization with UE-V. If you do no
, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings
, the user settings which are common between the Microsoft Office Suite 2010 applications are excluded from the synchronization settings
y setting, any defined values will be deleted.
y setting, any defined values will be deleted.
ny defined values will be deleted.
ny defined values will be deleted.

uded from settings synchronization. If you disable this policy setting, all Windows Settings are excluded from the settings synchronization.
uded from settings synchronization. If you disable this policy setting, all Windows Settings are excluded from the settings synchronization.
ched to sync later. Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could u
ched to sync later. Set SyncMethod to “External” when an external synchronization engine is being deployed for settings sync. This could u
an roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on compu
an roll settings back to the state when UE-V was installed or to “last-known-good” configurations. Only enable this policy setting on compu
ze Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.
ze Windows apps. The Windows apps will default to whatever settings are configured in the Sync your settings configuration in Windows.
isplays notifications, and the user cannot access Company Settings Center from the system tray. The Company Settings Center remains acc

gure this policy, any defined values will be deleted.


gure this policy, any defined values will be deleted.

administrator group is also given full control to the user's profile folder. If you disable or do not configure this policy setting, only the user
3 family, Windows 2000 Professional SP4 and Windows XP SP1, the default behavior is to check the folder for the correct permissions if the
r). As a result, users can access any directory on the home share by using the home directory drive letter. If you disable or do not configure
when the user logs off. The roaming profile still remains on the network server that stores it. If you disable or do not configure this policy
you disable this policy setting or do not configure it, slow link detection is enabled. The system measures the speed of the connection bet
ck box appears on the logon screen and the user must choose whether to download the remote user profile before Windows detects the n
and Appdata\LocalLow folders and all their subfolders such as the History, Temp, and Temporary Internet Files folders are excluded from th
tting, Windows will not delete Windows Installer or Group Policy software installation data for roaming users when profiles are deleted from
ying users of the oversized profile. -- Determine how often the customized message is displayed. Note: In operating systems earlier than M
e this setting, the following occurs on the affected computer: At first logon, the user receives a new local profile, rather than the roaming p
ows waits for user input before using a default user profile for roaming user profiles. The default timeout value is 30 seconds. To use this p
th a temporary profile when Windows cannot load their user profile. Also, see the "Delete cached copies of roaming profiles" policy settin
e of once per second) to unload and update the registry settings. By default, the system repeats its periodic attempts 60 times (over the cou
ng persisted. If you enable this policy setting, changes a user makes to their roaming profile aren't merged with the server (roaming) copy
ow to load, the system loads the local copy of the roaming user profile. The local copy is also used when the user is consulted (as set in the
om the server before considering the connection to be slow. If you disable or do not configure this policy setting, Windows considers the n

any other cached data via Offline Files and continue to remain online while the user is logged on, if the network paths are accessible. Note
ys are closed. If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there ar
e specified in this policy setting. Setting the value to zero causes Windows to proceed without waiting for the network. If you disable or do
profile. If you enable this policy setting, all users logging on this computer will use the roaming profile path specified in this policy. If you d
e of 6 hours, the registry file of the roaming user profile is uploaded to the server every six hours while the user is logged on. If "Run at spe
is setting and the user's name and account picture will not be shared with apps (not desktop apps). In addition apps (not desktop apps) tha

ws Server 2012 version of the Active Directory schema to function. If you enable this policy setting and the user has a roaming profile, the
C:\HomeFolder) in the Path box. Do not specify environment variables or ellipses in the path. Also, do not specify a placeholder for the us
up appropriate schema extensions and access control settings on the domain before AD DS backup can succeed. More information about s
wizard displays to users for recovering BitLocker encrypted data. Saving to a USB flash drive will store the 48-digit recovery password as a t
ay the computer's top-level folder view. If you disable or do not configure this policy setting, the BitLocker setup wizard will display the com
tion algorithm and key cipher strength for BitLocker to use to encrypt drives. If you disable or do not configure this policy setting, BitLocke
to encrypt drives. If you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit
AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10 (Version 1511). If you disable or do not configu

age you type in the "Custom recovery message option" text box will be displayed in the pre-boot key recovery screen. If a recovery URL is a
not be used.
BitLocker, not when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you ena

ential updates to the BitLocker To Go Reader. BitLocker will only manage and update data recovery agents when the identification field on t
e is configured for the certificate it must be set to an object identifier (OID) that matches the OID configured for BitLocker. If you enable thi
grity validation" group policy, the "Use enhanced Boot Configuration Data validation profile" group policy is ignored. The setting that contr
n Microsoft TechNet for more information about adding data recovery agents. In "Configure user storage of BitLocker recovery information
e encryption type option will not be presented in the BitLocker setup wizard. If you disable or do not configure this policy setting, the BitLo
t can also require users to enter a 4-digit to 20-digit startup personal identification number (PIN). A USB flash drive containing a startup ke
mation used to encrypt the drive is stored on the USB drive, creating a USB key. When the USB key is inserted the access to the drive is aut
Unlock certificate. The Network Unlock certificate is used to create Network Key Protectors, and protects the information exchanged with
unlock the drive and the computer will instead display the BitLocker Recovery console and require that either the recovery password or rec
tform validation profile for native UEFI firmware configurations" group policy setting to configure the TPM PCR profile for computers using
sed firmware configurations" group policy setting to configure the TPM PCR profile for computers with BIOS configurations or computers w
od to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if th
n algorithms and cipher suites used with hardware-based encryption. If you disable this policy setting, BitLocker cannot use hardware-base
ssword. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device

use legacy platform integrity validation, even on systems capable of Secure Boot-based integrity validation. When this policy is enabled an
bout adding data recovery agents. In "Configure user storage of BitLocker recovery information" select whether users are allowed, required
when unlocking a volume. BitLocker will allow unlocking a drive with any of the protectors available on the drive. If you enable this policy s

ves. When this policy setting is enabled, select the "Do not install BitLocker To Go Reader on FAT formatted fixed drives" check box to help
art cards to authenticate their access to BitLocker-protected fixed data drives. If you do not configure this policy setting, smart cards can be
e encryption type option will not be presented in the BitLocker setup wizard. If you disable or do not configure this policy setting, the BitLo
thms and cipher suites used with hardware-based encryption. If you disable this policy setting, BitLocker cannot use hardware-based encr
ormation about adding data recovery agents. In "Configure user storage of BitLocker recovery information" select whether users are allow
ult the BitLocker Drive Encryption Deployment Guide on Microsoft TechNet for more information on suspending BitLocker protection. If yo
will allow unlocking a drive with any of the protectors available on the drive. If you enable this policy setting, users can configure a passwo
field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting.
rotected drives. When this policy setting is enabled, select the "Do not install BitLocker To Go Reader on FAT formatted removable drives"
use smart cards to authenticate their access to BitLocker-protected removable data drives. If you do not configure this policy setting, smar
e encryption type option will not be presented in the BitLocker setup wizard. If you disable or do not configure this policy setting, the BitLo
algorithms and cipher suites used with hardware-based encryption. If you disable this policy setting, BitLocker cannot use hardware-based
values cause slower corrections; larger values cause more frequent corrections. Default: 4 (scalar). HoldPeriod This parameter indicates h
tion of the Windows Time Service Group Policy Settings. The default value is ""time.windows.com,0x09"". Type This value controls the au

Manual connection attempts - When the computer is already connected to either a non-domain based network or a domain based netw
n are not blocked by this policy setting. In circumstances where there are multiple simultaneous connections to either the Internet or to a
vice is in the running state. When the service is stopped or disabled, diagnostic scenario data will not be deleted. The DPS can be configur
olicy setting, Windows cannot detect, troubleshoot, or resolve any problems that are handled by the DPS. If you do not configure this polic

perations are enabled over all media. The default for this policy setting allows operations over all media.

settings configured by the local administrator.


er a nonconfigurable delay of approximately five seconds.

ck step according to the order specified above.


g, the proxy will skip over this fallback step according to the order specified above.

will be a check to see if antivirus and antispyware definitions are enabled. If at least one is enabled, the service will remain running. If both

etwork performance. If you enable or do not configure this setting, definition retirement will be enabled. If you disable this setting, definiti
= Scan incoming and outgoing files (default) 1 = Scan incoming files only 2 = Scan outgoing files only Any other value, or if the value does n

ation will run at a default frequency.

h-up scans for scheduled full scans will be turned off.


atch-up scans for scheduled quick scans will be turned off.

t number of days have passed without an update.


of days have passed without an update.
empty by default and no sources will be contacted.
sources in the list will not be contacted. If you disable or do not configure this setting, definition update sources will be contacted in a def

be set to 1 (Send safe samples) or 3 (Send all samples). Setting to 0 (Always Prompt) will lower the protection state of the device. Setting t

nformation might unintentionally be sent to Microsoft. However, Microsoft will not use this information to identify you or contact you. Pos

) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives) (0x4) High+ bloc
samples when further analysis is required" all need to be enabled.
cked from connecting to dangerous domains. Not configured: Same as Disabled.
ns can be trusted. You can add additional trusted applications in the configure allowed applications GP setting. Default system folders are a
The following status IDs are permitted under the value column: - 1 (Block) - 0 (Off) - 2 (Audit) Example: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx
Configure Attack Surface Reduction rules GP setting.
em folders are automatically guarded, but you can add folders in the configure protected folders GP setting.
der access GP setting. Windows Defender Antivirus automatically determines which applications can be trusted. You can add additional tru

nd, on the File menu, click Open. Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP co
ws programs. To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open. Note: In Windows Vist
o the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification
ll be displayed in the Places Bar. Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP com
pplied to the user. Note: In operating systems earlier than Windows Vista, enabling this policy will also disable the Active Desktop and Web
nsions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Ext
nt target path. It does not search for the original path even when it cannot find the target file in the current target path. If you disable or do

oltips" option in Display in Control Panel.

box, or in a command window. Also, this policy setting does not prevent users from using programs to access these drives or their contents
log box or the Map Network Drive dialog box. To remove computers in the user's workgroup or domain from lists of network resources, us

her methods to start Computer Management. Tip: To hide all context menus, use the "Remove File Explorer's default context menu" settin
ent is part of a workgroup. Note: The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Pro
Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives. Note: It is a requirement for third-

le this setting and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon c

ect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Sea

g the specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a setting prevents

m connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dia
ng off and logging on again using their administrator credentials. If the dialog box does not appear, the installation proceeds with the curr

isable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. If you do not con
isable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. If you do not con

h again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet searc
pecified .Library-ms or .searchConnector-ms file. You can add up to five additional links to the "Search again" links at the bottom of results
orary file and functions as if both new and old locations point to different shares when their network paths are different. Note: If the paths
mpatibility issues in applications that depend on the existence of the known folder.

ries from the scope of Start search This policy will not enable users to add unsupported locations to Libraries. If you enable this policy, Win
uent uses of the search box.

h queries in this zone using Search Connectors.


h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
arch queries in this zone using Search Connectors.
arch queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
h queries in this zone using Search Connectors.
arch queries in this zone using Search Connectors.
arch queries in this zone using Search Connectors.
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb
zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumb

an be controlled by the following options: • Warn and prevent bypass • Warn If you enable this policy with the "Warn and prevent bypas

be applied at logon time. If the policy is enabled, disabled, or not configured, users will still be able to override default file type and protoc

figure it, the default value is set to 50 MB on Windows XP Professional and is unlimited (4294967295 MB) on Windows Server 2003.
during setup. Note: This policy setting affects file scanning only. It does not affect the standard background file change detection that Wind
etting and add systems to the list, upon disabling this policy, Windows Defender Firewall deletes the list. Note: You define entries in this lis
as the "Windows Defender Firewall: Define inbound port exceptions" policy setting. To view the program list, enable the policy setting and
However, local administrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-
nel to turn Windows Defender Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" pol
y turning off the firewall. If you disable this policy setting, Windows Defender Firewall applies other policy settings that allow unsolicited in
orts, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them
this computer to send or receive. If you disable this policy setting, Windows Defender Firewall blocks all the listed incoming and outgoing
uring the log file name, ensure that the Windows Defender Firewall service account has write permissions to the folder containing the log
tting, Windows Defender Firewall behaves as if the policy setting were disabled, except that in the Windows Defender Firewall component o
es the syntax format. To remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the current definitio
nistrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-in. If you wish to prev
en additional dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control con
eiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Defend
the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows D
y setting, Windows Defender Firewall blocks these ports, which prevents this computer from receiving Plug and Play messages. If an admin
as the "Windows Defender Firewall: Define inbound port exceptions" policy setting. To view the program list, enable the policy setting and
However, local administrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-
nel to turn Windows Defender Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" pol
y turning off the firewall. If you disable this policy setting, Windows Defender Firewall applies other policy settings that allow unsolicited in
orts, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them
this computer to send or receive. If you disable this policy setting, Windows Defender Firewall blocks all the listed incoming and outgoing
uring the log file name, ensure that the Windows Defender Firewall service account has write permissions to the folder containing the log
tting, Windows Defender Firewall behaves as if the policy setting were disabled, except that in the Windows Defender Firewall component o
es the syntax format. To remove a port, click its definition, and then press the DELETE key. To edit a definition, remove the current definitio
nistrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-in. If you wish to prev
en additional dynamically-assigned ports, typically in the range of 1024 to 1034. On Windows Vista, this policy setting does not control con
eiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Defend
the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows D
y setting, Windows Defender Firewall blocks these ports, which prevents this computer from receiving Plug and Play messages. If an admin

e the license is generated locally in this scenario. When this policy is either disabled or not configured, Windows Media DRM functions no
e Player for the first time.
me options in the anchor window are not available.
thing check box. Video smoothing is available only on the Windows XP Home Edition and Windows XP Professional operating systems.
DVDs from the Internet check box.

ge the setting of the Update my music files (WMA and MP3 files) by retrieving missing media information from the Internet check box.

ers can change the setting for the Allow screen saver during playback check box.

privacy settings not configured by other polices.


ser has access only to the Player features that are available with the specified skin. Users cannot switch the Player to full mode and cannot
P protocol and the proxy cannot be configured. If the "Hide network tab" policy setting is also enabled, the entire Network tab is hidden. T
he entire Network tab is hidden. This policy setting is ignored if the "Streaming media protocols" policy setting is enabled and Multicast is
he entire Network tab is hidden. If you disable this policy setting, the RTSP proxy server cannot be used and users cannot change the RTSP

he buffering options on the Performance tab.


st streams can be received if the "Allow the Player to receive multicast streams" check box on the Network tab is selected. If you enable th
ote: If you do not want users to use Windows Messenger, enable the "Do not allow Windows Messenger to run" policy setting. Note: This
ote: If you do not want users to use Windows Messenger, enable the "Do not allow Windows Messenger to run" policy setting. Note: This

on each computer.
om a remote computer, regardless of whether or not any WinRM listeners are configured. The service listens on the addresses specified by

ation values to be set for plug-ins and the RunAsPassword value will be stored securely. If you enable and then disable this policy setting,an

request containing an invalid channel binding token is rejected. However, a request that does not contain a channel binding token is accept

ne catalog customized for your computer that consists of items such as drivers, critical updates, Help files, and Internet products that you ca
able for installation at the time the user selects the Shut Down option in the Start menu. Note that this policy setting has no impact if the
able for installation at the time the user selects the Shut Down option in the Start menu. Note that this policy setting has no impact if the
n configure one of the following notification options: 0 = Do not show any notifications This setting will remove all access to Windows Upd
ny available updates. 3 = (Default setting) Download the updates automatically and notify when they are ready to be installed Windows fin
optional server name value can be specified to configure Windows Update Agent to download updates from an alternate download server
. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
case of updates that contain User Interface , End User License Agreement , or Windows Update setting changes. There are two situations

get more information about the software or install it. The user can also click "Close this message" or "Show me later" to defer the notificati
update if an install deadline occurs. The system will not wake unless there are updates to be installed. If the system is on battery power, w
will automatically restart in 5 minutes to complete the installation. Note: This policy applies only when Automatic Updates is configured to

nfigured to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this policy has no effect.
oft update service. Note: This policy applies only when the intranet Microsoft update service this computer is directed to is configured to s
n an intranet Microsoft update service must always be signed by Microsoft and are not affected by this policy setting. Note: This policy is no

allation on the device. Users can download and install Windows preview builds on their devices by opting-in through Settings -> Update and
uilds of Windows just before Microsoft releases them to the general public. * Semi-Annual Channel (Targeted): Receive feature updates w

he active hours start time unless otherwise configured via the Specify active hours range for auto-restarts policy.
stallations. 2. Always automatically restart at scheduled time.

ng. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed

with the Microsoft Windows desktop. For domain user accounts in Windows Server 2003, Windows 2000 native, or Windows 2000 mixed
ire” setting. If “Set action to take when logon hours expire” is disabled or not configured, the “Remove logon hours expiration warnings” se
nfigure this setting, the system takes no action when the user’s logon hours expire. The user can continue the existing session, but cannot l
, only Ease of Access applications running on the secure desktop can simulate the SAS.

e fully qualified path to the file. If you disable this setting or do not configure it, the setting is ignored and the system displays the Explorer
-in after a Windows Update restart. The users' lock screen apps are not restarted after the system restarts.
t down faster and more smoothly.

ed or is not configured, the cost of Wireless LAN connections is Unrestricted by default.

acts. "Enable paid services" enables Windows to temporarily connect to open hotspots to determine if paid services are available. If this p

ngs" policy setting does not apply to a user, Work Folders is not automatically set up. If you disable or do not configure this policy setting,
ment variables. Note: In order for this configuration to take effect, a valid 'Work Folders URL' must also be specified. The "Force automatic s

ocal API calls from within the application. If you disable or do not configure this policy setting, the client computer will connect to WNS at u

d, the cost of 3G connections is Fixed by default.


d, the cost of 4G connections is Fixed by default.

ular data and employees in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to a
to all sites in Trusted zones.
grams they are most likely to need. Note: This setting is ignored if either the "Remove Add or Remove Programs" setting or the "Hide Add N
programs from removable media, regardless of this setting.

administrator, and they cannot use Add or Remove Programs to install published programs. However, they can still install programs by using

menu. See the "Remove Set Program Access and Defaults from Start menu" setting.

ard immediately. Because the only remaining option on the Add/Remove Windows Components page starts the wizard, that option is selec
information hyperlink.

ing, which then prevents any 16-bit applications from running. In addition, any 32-bit applications with 16-bit installers or other 16-bit com

r system accurately reflects those changes.


e Protection and User Account Control features of Windows use the application compatibility engine to provide mitigations for application

o not configure this policy setting, the PCA will be turned on. To configure the diagnostic settings for the PCA, go to System->Troubleshootin

o choose the type of content that can be copied, by using the content options: - 1. Allows text copying. - 2. Allows image copying. - 3. Allo

Windows apps are not allowed to access account information and employees in your organization cannot change it. If you disable or do no
llowed to access the calendar and employees in your organization cannot change it. If you disable or do not configure this policy setting, e
owed to access the call history and employees in your organization cannot change it. If you disable or do not configure this policy setting,
wed to access the camera and employees in your organization cannot change it. If you disable or do not configure this policy setting, emplo
cess contacts and employees in your organization cannot change it. If you disable or do not configure this policy setting, employees in you
ail and employees in your organization cannot change it. If you disable or do not configure this policy setting, employees in your organizati
ess location and employees in your organization cannot change it. If you disable or do not configure this policy setting, employees in your
apps cannot read or send messages and employees in your organization cannot change it. If you disable or do not configure this policy setti
ps are not allowed to access the microphone and employees in your organization cannot change it. If you disable or do not configure this p
lowed to access motion data and employees in your organization cannot change it. If you disable or do not configure this policy setting, em
llowed to access notifications and employees in your organization cannot change it. If you disable or do not configure this policy setting, e
d to make phone calls and employees in your organization cannot change it. If you disable or do not configure this policy setting, employee
will not have access to control radios and employees in your organization cannot change it. If you disable or do not configure this policy se
ot change it. If you choose the "Force Deny" option, Windows apps are not allowed to communicate with unpaired wireless devices and em
and employees in your organization cannot change it. If you disable or do not configure this policy setting, employees in your organization
are not allowed to access trusted devices and employees in your organization cannot change it. If you disable or do not configure this polic
are not allowed to run in the background and employees in your organization cannot change it. If you disable or do not configure this polic
in your organization cannot change it. If you choose the "Force Deny" option, Windows apps are not allowed to get diagnostic information

memory. When the limit is reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the old
terval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. User Publishing Re
terval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. User Publishing Re
terval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. User Publishing Re
terval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. User Publishing Re
terval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. User Publishing Re

ng an app package) of Windows Store apps when using a special profile. If you disable or do not configure this policy setting, Group Policy

default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulne
default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulne

registered antivirus programs when file attachments are opened.


ment data. If you disable this policy setting, Windows uses its default trust logic, which prefers the file handler over the file type. If you do
of the file's zone information. If you enable this policy setting, you can specify the default risk level for file types. If you disable this policy s

he security events will be able to read the command line arguments for any successfully created process. Command line arguments can co
avior for autorun to: a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista behavior of automatically executin
avior for autorun to: a) Completely disable autorun commands, or b) Revert back to pre-Windows Vista behavior of automatically executin

e this setting to enable Autoplay on drives on which it is disabled by default. If you disable or do not configure this policy setting, AutoPlay
e this setting to enable Autoplay on drives on which it is disabled by default. If you disable or do not configure this policy setting, AutoPlay

vent that someone forgets their logon credentials.

timeout to specified number of days. If you disable or do not configure this policy setting, the default value of 90 (days) will be used for the

u disable or do not configure this policy setting, BITS uses all available unused bandwidth. Note: You should base the limit on the speed of
dule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A.M. to 5:00 P.M. on Monday through Fr
disable or do not configure this policy setting, the limits defined for work or nonwork schedules will be used. Note: The bandwidth limits t
mputer to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it is possib

setting is disabled or not configured.


peer caching" policy setting is disabled or not configured.

the maximum network bandwidth used for peer caching. If you disable this policy setting or do not configure it, the default value of 30 pe
en not roaming. The values that can be assigned are: - Always transfer - Transfer unless roaming - Transfer unless surcharge

created by services and the local administrator account do not count toward this limit.

potlight will be turned off and users will no longer be able to select it as their lock screen. Users will see the default lock screen image and

ke it work better for them. Note: this setting does not control Cortana tailored experiences, since there are separate policies to configure i
ot perform all its functions, or it might stop. This setting appears in the Computer Configuration and User Configuration folders. If both setti
ot perform all its functions, or it might stop. This setting appears in the Computer Configuration and User Configuration folders. If both setti

trol Panel item's canonical name. For example, enter Microsoft.Mouse, Microsoft.System, or Microsoft.Personalization. Note: For Window

osoft.Mouse, Microsoft.System, or Microsoft.Personalization. Note: For Windows Vista, Windows Server 2008, and earlier versions of Win
ould normally be hidden for other reasons (such as a missing hardware device), this policy will not force that page to appear. After this, the
ond, the screen saver timeout is set to a nonzero value through the setting or Control Panel. Also, see the "Prevent changing Screen Saver"
m32 directory, type the fully qualified path to the file. If the specified screen saver is not installed on a computer to which this setting appli
otected, enable the "Enable Screen Saver" setting and specify a timeout via the "Screen Saver timeout" setting. Note: To remove the Scree
n saver program on the client. When not configured, whatever wait time is set on the client through the Screen Saver dialog in the Persona

ct the Luna visual style by typing %windir%\resources\Themes\Luna\Luna.msstyles Note: To select the Windows Classic visual style, leave

ng to always force the specified lock screen and logon image to be shown. Note: This setting only applies to Enterprise, Education, and Ser
account pictures.

erwise enabled credential providers are available for authentication purposes.

s required when waking the device. Instead, a password is required immediately after the screen turns off. If you don't configure this polic

cation. For more information, see KB. FWlink for KB: http://go.microsoft.com/fwlink/?LinkId=301508 Note: The "Allow delegating default
the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMS
hine. Note: The "Allow delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN repre
ng fresh credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SP
mitted to any machine. Note: The "Allow delegating saved credentials" policy setting can be set to one or more Service Principal Names (SP
n of saved credentials is not permitted to any machine. If you disable this policy setting, delegation of saved credentials is not permitted to
ERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TER
ple: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
e SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrik
ons must use Remote Credential Guard to connect to remote hosts. Require Restricted Admin: Participating applications must use Restric
unning on their computers, including system services, find the executable names of programs, and change the priority of the process in whi

on the device. A value of 2 (Enhanced) sends the same data as a value of 1, plus additional data such as how Windows, Windows Server, S
on the device. A value of 2 (Enhanced) sends the same data as a value of 1, plus additional data such as how Windows, Windows Server, S

nalytics, plus additional Enhanced level telemetry data. This setting has no effect on computers configured to send Full, Basic, or Security le

an view and change the list of DCOM activation security check exemptions defined by Group Policy settings. If you add an appid to this list a
ervices. 100=Bypass mode. Do not use Delivery Optimization and use BITS instead.

log on to the system.

tched. Users cannot change this specification. If you disable this setting or do not configure it, no wallpaper is displayed. However, users ca

ect of expansive searches.


ble this setting, Computer is displayed as usual, appearing as normal on the desktop, Start menu, folder tree pane, and Web views, unless

otection of Code Integrity remotely if it was previously turned on with the "Enabled without lock" option. The "Enabled with UEFI lock" o
computer. Instead, you must either: 1) first update the policy to a non-protected policy and then disable the setting, or 2) disable the setti
rosoft Windows Publisher certificate are selected for installation over drivers that are signed by other Authenticode certificates.

sses" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a remote desktop
other policy settings.
hese device classes" policy setting, or the "Prevent installation of removable devices" policy setting). If you enable this policy setting on a re

evices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, Windows can insta
able devices" policy setting.

d whether to permit unsigned files to be installed. "Warn" is the default. -- "Block" directs the system to refuse to install unsigned files. A

tem/Internet Communication Management/Internet Communication settings.

r do not configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches so

d, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Microsoft Management Console. Not
t resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No reboots
This policy setting is applicable only if the NV cache feature is on.

her policy settings for the NV cache are appropriately configured. Note: This policy setting will take effect on next boot. If you do not confi

a particular disk quota limit. To specify a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the syste
me were exhausted. When users reach an unenforced limit, their status in the Quota Entries window changes, but they can continue to writ
not affect disk quota limits for current users, or affect customized limits and warning levels set for particular users (on the Quota tab in Vo
ng is independent of the enforcement policy settings for disk quotas. As a result, you can direct the system to log an event, regardless of w
tab. Even without the logged event, users can detect that they have reached their warning level because their status in the Quota Entries w

computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it is joined.
in addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting. For examp
only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A
onfiguration for individual network connections.
ecord with an A resource record that has the client's current IP address. If you enable this policy setting or if you do not configure this polic
esh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records. To

suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "micros
unsecured update is refused, clients try to use secure update.
authoritative for the resource records that the computer needs to update.
ox on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box. Devolution is not enabled if a globa
es of the primary DNS suffix check box on the DNS tab in Advanced TCP/IP Settings for the Internet Protocol (TCP/IP) Properties dialog box.
e network adapters.
ved from a combination of the local DNS client's primary domain suffix, a connection-specific domain suffix, and a DNS suffix search list. If
optimized when issuing DNS, LLMNR and NetBT queries.
abled or not configured.

s received from networks higher in the binding order. Note: This policy setting is applicable only if the turn off smart multi-homed name re
re filtered by default. This policy setting applies to Japanese Microsoft IME only. Note: Changes to this setting will not take effect until the

assified by the Early Launch Antimalware boot-start driver. If you enable this policy setting you will be able to choose which boot-start drive

s in Control Panel, and default values are applied for any Windows Error Reporting policy settings that are not configured (even if users hav
notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notifi
bled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
bled or not configured, user settings in Control Panel for Windows Error Reporting are applied.

you disable or do not configure this policy setting, users can enable or disable Windows Error Reporting in Control Panel. The default setti
etting is configured to report all application errors. If this policy setting is enabled, the Exclude errors for applications on this list setting take
nder the Report errors for applications on this list setting, and edit the list of application file names in the Show Contents dialog box. The file
disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
disable or do not configure this policy setting, errors are reported on all Microsoft and Windows applications by default.
many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution check remind
re queued until an administrator is prompted to send them, or until the administrator sends them by using the Solutions to Problems page
o check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft. - 3 (Send p
o check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft. - 3 (Send p

hich Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Wi
hich Windows has determined (within a high probability) does not contain personally-identifiable information is sent automatically, and Wi

this change across all tools and APIs.

ross all tools and APIs.

XML file in a shared or local path. Note: Endpoints that have this GP setting set to Enabled must be able to access the XML file, otherwise t
nistrators group can make changes using the Windows To Go Startup Options Control Panel item.

mpted automatically. Windows will log an administrator event with instructions if manual recovery is possible. If you enable this setting, th
evoke access to all content protected using the specified EID on the device. If you disable or do not configure this policy setting, the only

der. Note: This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirec
tion in the user interface. Note: Do not enable this policy setting if users will need access to their redirected files if the network or server h
e configured value of "Do not automatically make all redirected folders available offline".
der. Note: This policy is valid only on Windows Vista, Windows 7, Windows 8, and Windows Server 2012 when it processes a legacy redirec
fore updating the Folder Redirection location. If you disable or do not configure this policy setting, when the path to a redirected folder is
the Documents and Pictures folders, the folders are redirected on the user's primary computer only. If you disable or do not configure this
the Documents and Pictures folders, the folders are redirected on the user's primary computer only. If you disable or do not configure this

nning state. When the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services sn

e or do not configure this policy setting, the user can select a custom locale as their user locale. If this policy setting is enabled at the mach
e or do not configure this policy setting, the user can select a custom locale as their user locale. If this policy setting is enabled at the mach
licy setting, administrators can select any system locale shipped with the operating system.

ale list can be selected by users. If you disable or do not configure this policy setting, users can select any locale installed on the computer,
ale list can be selected by users. If you disable or do not configure this policy setting, users can select any locale installed on the computer,

User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configu
User policy. If this policy is set to Disabled at the computer level, then the per-User policy will be ignored. If this policy is set to Not Configu

of Windows menus and dialogs language" policy setting.

Regional and Language Options control panel to select any available UI language.

If this policy is disabled, automatic learning of speech, inking, and typing stops and users cannot change its value via PC Settings. If this p
by 20, that is 2000 to 2029. Conversely, all two-digit years greater than 29 (30 to 99) are interpreted as being preceded by 19, that is, 1930
nk entered through Input Panel is collected and stored. Note: Automatic learning of both text and ink might not be available for all languag
nk entered through Input Panel is collected and stored. Note: Automatic learning of both text and ink might not be available for all languag

P-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Acti
P-ATL thunk emulation for the child process. DEP-ATL thunk emulation causes the system to intercept NX faults that originate from the Acti

See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.) The slow link value
esholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronous foreground behavior.) The slow li

o using a fast network connection in the case that no network bandwidth speed is determined. Note: When Group Policy detects a slow n
background refresh, extensions requiring synchronous processing such as Software Installation, Folder Redirection and Drive Maps prefer
omputers that are joined to a workgroup.
default wait time of 30 seconds on computers running Windows Vista operating system.
r. - An event log message (1109) is posted, stating that loopback was invoked in Replace mode. If you enable this policy setting, the behavi
essing across a slow network connection" option updates the policies even when the update is being transmitted across a slow network co
elephone line. Updates across slow connections can cause significant delays. The "Do not apply during periodic background processing" op
ss slow connections can cause significant delays. The "Do not apply during periodic background processing" option prevents the system fro
etwork connection" option updates the policies even when the update is being transmitted across a slow network connection, such as a te
a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Do not apply dur
work connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Do not apply during periodi
he next user logon or system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the po
ficant delays. The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the
ges will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not changed" option
across slow connections can cause significant delays. The "Do not apply during periodic background processing" option prevents the syste
ow connections can cause significant delays. The "Do not apply during periodic background processing" option prevents the system from u
a User Configuration and Computer Configuration setting. Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer
a User Configuration and Computer Configuration setting. Also, see the "Turn off Resultant set of Policy logging" policy setting in Computer
e GPO if they have a later timestamp. NOTE: If the Computer Configuration policy setting, "Always use local ADM files for the Group Policy

for computers" policy setting to change the policy refresh interval. Note: If you make changes to this policy setting, you must restart your
nly" command is turned on by default, but administrators can view preferences by turning off the "Show Policies Only" command. Note: To
n read and write changes to any available domain controller. If you disable this setting or do not configure it, the Group Policy Object Edito
in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fas
in kilobits per second. Any connection slower than this rate is considered to be slow. If you type 0, all connections are considered to be fas
traffic, very short update intervals are not appropriate for most installations. If you disable this setting, Group Policy is updated every 90 m
dates Group Policy every 5 minutes (the default). To specify that Group Policies for users should never be updated while the computer is in
date intervals are not appropriate for most installations. If you disable this setting, user Group Policy is updated every 90 minutes (the defa

oup Policy Object Editor snap-in always uses local ADM files in your %windir%\inf directory when editing GPOs. This leads to the following

computer's Group Policy Objects replace the user settings normally applied to the user. "Merge" indicates that the user settings defined in
etting, Group Policy will use the default wait time of 60 seconds on computers running Windows operating systems greater than Windows 7
ne. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prev
trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If ther
ne line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option
er trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If th
cross slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the syste
the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no prefe
e. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prev
ace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there a
uch as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background pr
er trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If the
connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from u
on where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no preference item
itted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do
e "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option
oss slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system
he location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no prefer
across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the sys
the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no prefer
. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option preve
o the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no pref
network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during p
uration, you must provide a path in the "User trace" box to the location where a user trace file can be created on the client computer, and y
d across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not
th in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing"
telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing
n the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" opti
slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply du
e "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option
nsmitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The
the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no prefe
as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background proces
th in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing"
s across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the sy
o the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no pref
ss a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. 2. The "Do not appl
in the "User trace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" op
across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the sys
o the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no pre
tes across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the
ox to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there are no
e. Updates across slow connections can cause significant delays. 2. The "Do not apply during periodic background processing" option preve
ace" box to the location where a user trace file can be created on the client computer, and you must turn on the "Tracing" option. If there a

r its children. Enabling this policy setting does not override any "Permit use of <extension name> preference extension" policy settings that
cted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use o
by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Con

ricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use

d list of snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.
nless restricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Pe
estricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit u

ricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use
by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit use of Con
d list of snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.

stricted by the "Restrict users to the explicitly permitted list of snap-ins," "Permit use of Control Panel Settings (Computers)," or "Permit us
st of snap-ins" or "Permit use of Control Panel Settings (Computers)" policy settings.

of snap-ins" or "Permit use of Control Panel Settings (Users)" policy settings.


n. Enabling this policy setting does not override any "Permit use of <extension name> preference extension" policy settings that are disable

the %windir%\help folder and D:\somefolder, add the following string to the edit box: "%windir%\help;D:\somefolder". Note: An environm
e locations cannot launched from Help
e locations cannot launched from Help
mory abnormalities.
usted authorities. If you disable or do not configure this policy setting, your computer will contact the Windows Update website.

placed by "Specify Driver Source Search Order" in "Administrative Templates/System/Device Installation" on newer versions of Windows.
, the user can click the hyperlink, which prompts the user and then sends information about the event over the Internet to Microsoft. Also
et connection.
tions page.

emplates/Windows Components/Windows Error Reporting.


nable automatic updating to receive notifications and critical updates from Windows Update.
hoosing Classic Search turns off the Search Companion feature completely.

the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.

e to opt in and allow information to be collected.


e to opt in and allow information to be collected.
e Improvement Program. If you do not configure this policy setting, the administrator can use the Problem Reports and Solutions compone

fy Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Co
ecurity Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zo

ontrols, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
curity. 2. Double-click Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings.
controls are handled for each security zone, carry out the following steps: 1. In Group Policy, click User Configuration, click Internet Explore
y Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone in
ck Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone in which you want to manage Acti
Security Zones and Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content z
age ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Con
ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
ws Vista. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the I
ws Vista. If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the I
ternet Explorer settings. This feature is turned off by default.
ternet Explorer settings. This feature is turned off by default.
n read from in the registry and the file system. When Enhanced Protected Mode is enabled, and a user encounters a website that attempt
n read from in the registry and the file system. When Enhanced Protected Mode is enabled, and a user encounters a website that attempt
ernet Explorer settings. By selecting this option, Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests; unless the user
ernet Explorer settings. By selecting this option, Internet Explorer sends a DNT:1 header with all HTTP and HTTPS requests; unless the user

n list. If you disable or do not configure this policy setting, the user can select which encryption method the browser supports. Note: SSL 2
n list. If you disable or do not configure this policy setting, the user can select which encryption method the browser supports. Note: SSL 2

ograms or display their identities before downloading them to user computers.


ograms or display their identities before downloading them to user computers.

wser, so does not prompt users to install them.


wser, so does not prompt users to install them.
Temporary Internet Files folder when browser windows are closed.
Temporary Internet Files folder when browser windows are closed.

re this policy setting, the user can turn on or turn off details in these error messages.

ng are measured in minutes after midnight. The Maximum Offline Page Crawl Depth setting specifies how many levels of a Web site are sea

orer) takes precedence over this policy. If it is enabled, this policy is ignored.

ated in User Configuration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either po
s that are concerned about server load for downloading content. The "Hide Favorites menu" policy (located in User Configuration\Adminis

intended for organizations that are concerned about server load for downloading content. The "Hide Favorites menu" policy (located in U
orites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence ov
uration\Administrative Templates\Windows Components\Internet Explorer) take precedence over this policy. If either policy is enabled, thi

ngs" "Disable changing link color settings" "Disable changing font settings" "Disable changing language settings" "Disable changing acces
ngs" "Disable changing link color settings" "Disable changing font settings" "Disable changing language settings" "Disable changing acces
ser can control this setting by using Advanced Options in Internet Control Panel. By default, domain names are converted to IDN format on
ser can control this setting by using Advanced Options in Internet Control Panel. By default, domain names are converted to IDN format on

tting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone. For
tting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone. For

u wish to add to the list. The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an a
u wish to add to the list. The CLSID should be in brackets for example, ‘{000000000-0000-0000-0000-0000000000000}'. The CLSID for an a
he 'Add-on List' policy setting. If you enable this policy setting, Internet Explorer only allows add-ons that are specifically listed (and allowe
he 'Add-on List' policy setting. If you enable this policy setting, Internet Explorer only allows add-ons that are specifically listed (and allowe

e executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter Internet Explorer processes in t
e executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter Internet Explorer processes in t
gure this policy setting, only VML will be allowed in zones set to 'admin-approved'. Note. If this policy is set in both Computer Configuratio
gure this policy setting, only VML will be allowed in zones set to 'admin-approved'. Note. If this policy is set in both Computer Configuratio

he related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes c
he related Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes c

do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
do not configure this policy setting, Internet Explorer requires consistent MIME data for all received files.
you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is
you enter a Value of 0 file-type information is allowed to be inconsistent. The Value Name is the name of the executable. If a Value Name is

o enable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over
o enable or disable for IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over
e zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process li
e zone security is not applied to local files or content processed by any process other than Internet Explorer or those defined in a process li
ontent processed by Internet Explorer. If you do not configure this policy setting, the Local Machine zone security applies to all local files a
ontent processed by Internet Explorer. If you do not configure this policy setting, the Local Machine zone security applies to all local files a
enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the
enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the

sses policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure thi
sses policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure thi

ed in this box take precedence over that setting. If you disable or do not configure this policy setting, the policy setting is ignored.
ed in this box take precedence over that setting. If you disable or do not configure this policy setting, the policy setting is ignored.

nfigure this policy setting, the policy setting is ignored.


nfigure this policy setting, the policy setting is ignored.
ot 0 or 1, the policy setting is ignored. Do not enter the File Explorer or Internet Explorer processes in this list: use the related Internet Exp
ot 0 or 1, the policy setting is ignored. Do not enter the File Explorer or Internet Explorer processes in this list: use the related Internet Exp

esses. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable o
esses. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable o

ne elevation by Internet Explorer processes.


ne elevation by Internet Explorer processes.
y zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ig
y zone is allowed. The Value Name is the name of the executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ig
u disable or do not configure this policy setting, the security feature is allowed.
u disable or do not configure this policy setting, the security feature is allowed.

hat setting. If you disable or do not configure this policy setting, the security feature is allowed.
hat setting. If you disable or do not configure this policy setting, the security feature is allowed.

setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or d
setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or d
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi
e content over restricted protocols to access my computer." Note. If policy for a zone is set in both Computer Configuration and User Confi

roviders. If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setti
roviders. If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setti
to decide the mode of operation for the phishing filter.
to decide the mode of operation for the phishing filter.

u bar is below the navigation bar. The user cannot interchange the positions of the menu bar and the navigation bar. If you do not configur

these three bars, but also the shortcuts to these bars. If you enable this policy setting, the navigation bar, the menu bar, and the Comman
these three bars, but also the shortcuts to these bars. If you enable this policy setting, the navigation bar, the menu bar, and the Comman

n use Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box. Note
n use Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box. Note

e browser. Internet Explorer notifies the user when newly installed add-ons are ready for use. The user must choose to activate them by res
e browser. Internet Explorer notifies the user when newly installed add-ons are ready for use. The user must choose to activate them by res
enabled add-ons exceeds the threshold. This is the default.
enabled add-ons exceeds the threshold. This is the default.

play the media content when the user clicks on a media link. If unchecked, the content will be played by the default media client on their
, Tracking Protection and Do Not Track data is preserved when the user clicks Delete. If you disable this policy setting, ActiveX Filtering, Tra
, Tracking Protection and Do Not Track data is preserved when the user clicks Delete. If you disable this policy setting, ActiveX Filtering, Tra

r isolation setting will quickly grow to use the specified integer number of tab processes, regardless of the physical memory on the comput
r isolation setting will quickly grow to use the specified integer number of tab processes, regardless of the physical memory on the comput
e General tab from the interface.

d, this policy is ignored. Caution: If you enable this policy, users can still run the Certificate Manager Import Wizard by double-clicking a so
tive Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Programs tab from Internet Explorer in
ows 8, the check box is located on the Advanced tab in the Internet Options dialog box. For more information, see "Group Policy Settings in
Note: The default Web page colors are ignored on Web pages in which the author has specified the background and text colors.

ternet Explorer\Internet Control Panel), which removes the Connections tab from the interface. Removing the Connections tab from the in
n which the Web page author has specified the font attributes.

plete for User name and passwords on forms and the option of prompting to save passwords. To display this option, the users open the Int
t. Users can delete browsing history.
t. Users can delete browsing history.

icy removes the General tab from the interface.


k colors are ignored on Web pages on which the author has specified link colors.
ontrol Panel, takes precedence over this policy. If it is enabled, this policy is ignored.

user can choose to turn the Use Windows Search setting on or off. Note: If you enable this policy setting, feeds do not appear in the Addre
user can choose to turn the Use Windows Search setting on or off. Note: If you enable this policy setting, feeds do not appear in the Addre

ocated in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser Menus), which prevents users f

y. If it is enabled, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy.
\User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Secur

be created through a custom administrative template file. For information about creating this custom administrative template file, see the
be created through a custom administrative template file. For information about creating this custom administrative template file, see the
ough older media players in specified zones.
ough older media players in specified zones.

in the Internet and Trusted zones.


in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

zone that uses MSXML or ADO to access data from another site in the zone.
zone that uses MSXML or ADO to access data from another site in the zone.
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
o High Safety.
o High Safety.
oad files from IFRAMEs on the pages in this zone.
oad files from IFRAMEs on the pages in this zone.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon

to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

estricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable
estricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable

scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
nformation using HTML forms on pages in this zone to be submitted.
nformation using HTML forms on pages in this zone to be submitted.
orites, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.

ough older media players in specified zones.


ough older media players in specified zones.
in the Internet and Trusted zones.
in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

zone that uses MSXML or ADO to access data from another site in the zone.
zone that uses MSXML or ADO to access data from another site in the zone.

urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the

oad files from IFRAMEs on the pages in this zone.


oad files from IFRAMEs on the pages in this zone.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
be turned on in this zone, as dictated by the feature control setting for the process.
be turned on in this zone, as dictated by the feature control setting for the process.
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
nformation using HTML forms on pages in this zone to be submitted.
nformation using HTML forms on pages in this zone to be submitted.
mponents.
mponents.
orites, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone

ough older media players in specified zones.


ough older media players in specified zones.
in the Internet and Trusted zones.
in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

ether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
ether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.

urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
o Medium Safety.
o Medium Safety.
oad files from IFRAMEs on the pages in this zone.
oad files from IFRAMEs on the pages in this zone.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon

to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

estricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable
estricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable

scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
zone can be submitted automatically.
zone can be submitted automatically.

orites, in an XML store, or directly within a Web page saved to disk.


orites, in an XML store, or directly within a Web page saved to disk.
ly in this zone. The security zone runs without the added layer of security provided by this feature.
ly in this zone. The security zone runs without the added layer of security provided by this feature.
not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.

ough older media players in specified zones.


ough older media players in specified zones.

in the Internet and Trusted zones.


in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

ether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
ether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the

oad files from IFRAMEs on the pages in this zone.


oad files from IFRAMEs on the pages in this zone.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
be turned on in this zone, as dictated by the feature control setting for the process.
be turned on in this zone, as dictated by the feature control setting for the process.
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
zone can be submitted automatically.
zone can be submitted automatically.
mponents.
mponents.
orites, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone

ough older media players in specified zones.


ough older media players in specified zones.

in the Internet and Trusted zones.


in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

e that uses MSXML or ADO to access data from another site in the zone.
e that uses MSXML or ADO to access data from another site in the zone.
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the

o Medium Safety.
o Medium Safety.
e pages in this zone without user intervention.
e pages in this zone without user intervention.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon

to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

estricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable
estricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable
scripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or script
scripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or script

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
zone can be submitted automatically.
zone can be submitted automatically.
mponents.
mponents.
orites, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
ly in this zone. The security zone runs without the added layer of security provided by this feature.
ly in this zone. The security zone runs without the added layer of security provided by this feature.
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone

ough older media players in specified zones.


ough older media players in specified zones.

in the Internet and Trusted zones.


in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

e that uses MSXML or ADO to access data from another site in the zone.
e that uses MSXML or ADO to access data from another site in the zone.

urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the

e pages in this zone without user intervention.


e pages in this zone without user intervention.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
be turned on in this zone, as dictated by the feature control setting for the process.
be turned on in this zone, as dictated by the feature control setting for the process.
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
zone can be submitted automatically.
zone can be submitted automatically.
mponents.
mponents.
orites, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone

ough older media players in specified zones.


ough older media players in specified zones.
in the Internet and Trusted zones.
in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

zone that uses MSXML or ADO to access data from another site in the zone.
zone that uses MSXML or ADO to access data from another site in the zone.

urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
es from IFRAMEs on the pages in this zone.
es from IFRAMEs on the pages in this zone.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
be turned on in this zone, as dictated by the feature control setting for the process.
be turned on in this zone, as dictated by the feature control setting for the process.
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

tent over the restricted protocols is blocked. If you do not configure this policy setting, all attempts to access such content over the restrict
tent over the restricted protocols is blocked. If you do not configure this policy setting, all attempts to access such content over the restrict

scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
nformation using HTML forms on pages in this zone to be submitted.
nformation using HTML forms on pages in this zone to be submitted.
mponents.
mponents.
favorites, in an XML store, or directly within a Web page saved to disk.
favorites, in an XML store, or directly within a Web page saved to disk.
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone
ough older media players in specified zones.
ough older media players in specified zones.

in the Internet and Trusted zones.


in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

zone that uses MSXML or ADO to access data from another site in the zone.
zone that uses MSXML or ADO to access data from another site in the zone.

urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
es from IFRAMEs on the pages in this zone.
es from IFRAMEs on the pages in this zone.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
be turned on in this zone, as dictated by the feature control setting for the process.
be turned on in this zone, as dictated by the feature control setting for the process.
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
nformation using HTML forms on pages in this zone to be submitted.
nformation using HTML forms on pages in this zone to be submitted.
mponents.
mponents.
favorites, in an XML store, or directly within a Web page saved to disk.
favorites, in an XML store, or directly within a Web page saved to disk.
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone

ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp
ding selecting no security), the same change should be made to the Locked-Down equivalent. Note. It is recommended to configure temp

down equivalent have special security settings that protect your local computer.) If you enable this policy setting, you can enter a list of sit
down equivalent have special security settings that protect your local computer.) If you enable this policy setting, you can enter a list of sit

main member, until the user turns off the Notification bar.
main member, until the user turns off the Notification bar.
ough older media players in specified zones.
ough older media players in specified zones.

in the Internet and Trusted zones.


in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

e that uses MSXML or ADO to access data from another site in the zone.
e that uses MSXML or ADO to access data from another site in the zone.

urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
o Low Safety.
o Low Safety.
e pages in this zone without user intervention.
e pages in this zone without user intervention.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon

to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer

estricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable
estricted protocols is blocked. If you do not configure this policy setting, the Notification bar will appear to allow control over questionable

scripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or script
scripted. If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or script

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
zone can be submitted automatically.
zone can be submitted automatically.

orites, in an XML store, or directly within a Web page saved to disk.


orites, in an XML store, or directly within a Web page saved to disk.
ly in this zone. The security zone runs without the added layer of security provided by this feature.
ly in this zone. The security zone runs without the added layer of security provided by this feature.
not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.

ough older media players in specified zones.


ough older media players in specified zones.

in the Internet and Trusted zones.


in the Internet and Trusted zones.
ther to load XBAPs inside Internet Explorer.
ther to load XBAPs inside Internet Explorer.

hether to load XAML files inside Internet Explorer.


hether to load XAML files inside Internet Explorer.

e that uses MSXML or ADO to access data from another site in the zone.
e that uses MSXML or ADO to access data from another site in the zone.
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the
urity information message and nonsecure content cannot be displayed. If you do not configure this policy setting, the user will receive the

e pages in this zone without user intervention.


e pages in this zone without user intervention.
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
ws NT Challenge Response (also known as NTLM authentication). If Windows NT Challenge Response is supported by the server, the logon
be turned on in this zone, as dictated by the feature control setting for the process.
be turned on in this zone, as dictated by the feature control setting for the process.
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
to a different domain when the source and destination are in the same window. Users can change this setting in the Internet Options dialo
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
hen the source and destination are in different windows. Users can change this setting in the Internet Options dialog. In Internet Explorer
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted
scripted. If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted

are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
are packages from being automatically installed on users' computers. If you disable this policy setting, permissions are set to high safety. If
zone can be submitted automatically.
zone can be submitted automatically.
mponents.
mponents.
orites, in an XML store, or directly within a Web page saved to disk.
orites, in an XML store, or directly within a Web page saved to disk.
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
script-initiated pop-up windows and windows that include the title and status bars cannot be run. This Internet Explorer security feature wi
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone
t configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone

on, and then clicking Save Target As.


ble Save As... menu option" policy, which removes the Save As command, takes precedence over this policy. If it is enabled, this policy is ign
le Open in New Window menu option" policy, which disables this command on the shortcut menu, or the "Turn off Shortcut Menu" policy,
enu, or the "Turn off Shortcut Menu" policy, which disables the entire shortcut menu.

ministrative Templates\Windows Components\Internet Explorer and in \Administrative Templates\Windows Components\Internet Explorer

tting, the user can turn on or turn off image display.


policy setting, the user can allow or prevent the display of placeholders for graphical images while the images are downloading.

r the Internet Explorer process prevail.


r the Internet Explorer process prevail.
is empty or the value is not 0 or 1, the policy setting is ignored. If you enable this policy setting for an application or process in the list, a sc
is empty or the value is not 0 or 1, the policy setting is ignored. If you enable this policy setting for an application or process in the list, a sc

is policy setting, the user can select their preference for this behavior. Browsing to the top-result website is the default.
is policy setting, the user can select their preference for this behavior. Browsing to the top-result website is the default.

fault. On at least Windows 8, if the "Do not display the reveal password button" policy setting located in Computer Configuration\Adminis
fault. On at least Windows 8, if the "Do not display the reveal password button" policy setting located in Computer Configuration\Adminis
lete the signup process after the branding is complete for ISPs (IEAK).
for incompatible toolbars. The user can enable or disable incompatible toolbars. Toolbars that are enabled or disabled via policy settings d
for incompatible toolbars. The user can enable or disable incompatible toolbars. Toolbars that are enabled or disabled via policy settings d

y, which prevents users from determining which toolbars are displayed in Internet Explorer and File Explorer.
setting, Internet Explorer uses a current user agent string. Additionally, all Standards Mode webpages appear in the Standards Mode availa
setting, Internet Explorer uses a current user agent string. Additionally, all Standards Mode webpages appear in the Standards Mode availa

n Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box. If you do
n Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box. If you do

n all intranet sites will continue to open in Internet Explorer 11.


n all intranet sites will continue to open in Internet Explorer 11.

to allow websites to store data on their computers.


to allow websites to store data on their computers.
n this group policy. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all
n this group policy. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit for all

websites to store data on their computers.


websites to store data on their computers.
set in this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit
set in this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum storage limit
this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum application cache re
this policy setting. If you disable or do not configure this policy setting, Internet Explorer will use the default maximum application cache re
plication caches resources. The default is 50 MB.
plication caches resources. The default is 50 MB.
me page. Users can change this option to start with the tabs from the last session.
me page. Users can change this option to start with the tabs from the last session.

nternet Zone • 0 - Trusted Sites Zone • 1 - Local Intranet Zone • 0 - Local Machine Zone • 6 - Intranet and Trusted site zones only Binary
nternet Zone • 0 - Trusted Sites Zone • 1 - Local Intranet Zone • 0 - Local Machine Zone • 6 - Intranet and Trusted site zones only Binary

ons is provided only if the domain functional level is Windows Server 2008. In domains with a domain functional level of Windows Server 2
is policy setting must be supported and set identically on all domain controllers in the domain.
ntroller does not support claims, compound authentication or armoring which is the default behavior for domain controllers running Wind
oup Policy. If you disable or do not configure this policy setting, the threshold value defaults to 12,000 bytes, which is the default Kerbero
nd authentication any time the client sends a compound authentication request regardless of the account configuration.
always fail when using public key credentials. If you disable or not configure this policy setting, then the DC will never offer the PKInit Fres
e DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. If you disable this p
operable Kerberos V5 realm Value Name or Value entry from the list, click the entry, and then press the DELETE key. To edit a mapping, rem
be used in the path validation of the KDC's X.509 certificate. If you disable or do not configure this policy setting, the Kerberos client requ

ng and then click the Show button. To remove a mapping from the list, click the mapping entry to be removed, and then press the DELETE
st also be enabled to support Kerberos armoring. If you disable or do not configure this policy setting, the client computers in the domain
is computer account when one or more applications are configured for Dynamic Access Control. Always: Compound authentication is alwa
g configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parame
vice will not be able to retrieve claims for clients using Kerberos protocol transition.
es will send a non-compounded authentication request first then a compound authentication request when the service requests compound
ccount authentication using certificates then authentication will fail. If you disable this policy setting, certificates will never be used. If you
individual file servers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on
on, BranchCache settings are not applied to client computers by this policy setting. In this circumstance, which is the default, both V1 and V
nges will not take effect until you restart Windows.

ges will not take effect until you restart Windows.


rity features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a

onnect to files hosted on a Windows Failover Cluster with the File Server for General Use role, as it can lead to adverse failover times and in
start is required for this policy to take effect. Changes take effect immediately.
ivate network" options instead. If you disable or do not configure this policy setting, the default behavior of LLTDIO will apply.
e "Allow operation while in public network" and "Prohibit operation while in private network" options instead. If you disable or do not con

e configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. Note: To create a
e configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration. Note: To create a
d run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. Also, see the
d run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce. Also, see the

r Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Con
fter logon. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the sy
fter logon. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the sy
equire that no users be logged on. Therefore, they must be processed in the foreground before users are actively using the computer. In ad

r Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Con

o completes the initial Windows setup will see the animation during their first sign-in. If the first user had already completed the initial setu

o disables the user-defined setting, "Show search and site suggestions as I type".
o disables the user-defined setting, "Show search and site suggestions as I type".
ds (https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link you wish to add: <https://fabrikam.
ds (https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link you wish to add: <https://fabrikam.
nderstanding OpenSearch Standards (https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link(s
nderstanding OpenSearch Standards (https://msdn.microsoft.com/en-us/library/dd163546.aspx) topic. Use this format to specify the link(s
he Hub and Favorites Bar.
he Hub and Favorites Bar.

ll remain locked down.


ll remain locked down.
oft Compatibility List isn’t used during browser navigation.
oft Compatibility List isn’t used during browser navigation.
t, click Run, and type mmc.) Users also cannot open a blank MMC console window from a command prompt. If you disable this setting or d
mitted snap-ins setting folder and then disable the settings representing the snap-ins you want to prohibit. If a snap-in setting in the folder
hibited. To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
hibited. To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
hibited. To explicitly prohibit use of this snap-in, disable this setting. If this setting is not configured (or enabled), the snap-in is permitted.
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
he Group Policy tab. To explicitly permit use of the Group Policy tab, enable this setting. If this setting is not configured (or disabled), the G
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
itly permitted list of snap-ins" is enabled, users cannot use any snap-in except those explicitly permitted. To explicitly permit use of this sna
effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios will n
downloading. If you disable this policy setting, MSDT never downloads tools, and is unable to diagnose problems on remote computers. If

Detection and verification of file corruption will be performed without UI. Recovery is not attempted. If you enable this policy setting, the
e during installations with elevated privileges, such as installations offered on the desktop or displayed in Add or Remove Programs.
se offered on the desktop or displayed in Add or Remove Programs, only system administrators can install from removable media. Also, see
By default, users can install patches to programs that run in their own security context. Also, see the "Prohibit patching" policy setting.
ograms that a system administrator does not distribute or offer. Note: This policy setting appears both in the Computer Configuration and
ograms that a system administrator does not distribute or offer. Note: This policy setting appears both in the Computer Configuration and
t were created for Windows Installer versions lesser than 4.0. This option lets those packages display the legacy files in use UI while still usin
m privileges, such as installations offered on the desktop or in Add or Remove Programs. This policy setting affects Windows Installer only.

and line switch or the Logging policy. If you disable or do not configure this policy setting, Windows Installer will automatically generate log
so, see the "Enable user to use media source while elevated" and "Hide the 'Add a program from CD-ROM or floppy disk' option" policy setti
ns (offers on the desktop) or publishes (adds them to Add or Remove Programs). This is the default behavior of Windows Installer on Wind
"Enable user to patch elevated products" policy setting.
ter or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not us
ter or to search secure system files. However, because an incomplete installation can render the system or a program inoperable, do not us
urity features operate only when the installation program is running in a privileged security context in which it has access to directories den

on whether the user is an administrator, whether "Disable Windows Installer" and "Always install with elevated privileges" policy settings

stall of the product registered in their user profile.


ure this policy setting, the Windows Installer will use less restrictive rules for component upgrades.
0, the Windows Installer will use available free space for the baseline file cache. If you disable or do not configure this policy setting, the W

. If you disable this policy setting, Windows Installer stores transform files in the Application Data directory in the user's profile. If you do n

ify single-label, unqualified names (such as “PRINTSVR”) for local resources when connected to a different intranet and for temporary acce

he contents of the web page do not matter. The syntax is “HTTP:” followed by a URL. The host portion of the URL must resolve to an IPv6 ad
s setting to have complete NCA functionality.
, it is not applied to any DCs.
nitially unavailable. If the value set in this setting is very small and the DC is not available, the traffic caused by periodic DC discoveries may
he Initial DC Discovery Retry Setting is used. Warning: If the value for this setting is too large, a client may take very long periods to try to fin
arning: If the value for this setting is too small, a client will stop trying to find a DC too soon.

Netlogon share is a share created by the Net Logon service for use by client machines in the domain. The default behavior of the Netlogon

ecify the interval in seconds.

s a share created by the Net Logon service for use by Group Policy clients in the domain. The default behavior of the SYSVOL share ensures
xSearch policy, if it is not disabled or perform NetBIOS name resolution otherwise, to attempt to locate a domain controller that hosts an A
hosting an Active Directory domain specified with a single-label name, by appending different registered DNS suffixes to perform DNS name
figure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
tes.gc._msdcs.<DnsForestName> DcByGuid SRV _ldap._tcp.<DomainGuid>.domains._msdcs.<DnsForestName> GcIpAddress A
s are current and should be preserved in the database. Warning: If the DNS resource records are registered in zones with scavenging enab

rtial replica of every domain in Active Directory. To specify the sites covered by the GC Locator DNS SRV records, click Enabled, and enter t
nfiguration.
nge of values is from 0 to 65535. If you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuratio
more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication. To specify the sites cov
, and then enter the sites names in a space-delimited format. If you do not configure this policy setting, it is not applied to any DCs, and DC

with a higher site link cost. If you enable this policy setting, Try Next Closest Site DC Location will be turned on for the computer. If you disa
me interval and maintain efficient load-balancing of clients across all available domain controllers in all domains or forests. The default time
fixed, this policy can be used to enable the default behavior. If you enable this policy setting, DC Locator APIs can return IPv4/IPv6 DC add
0. However, using the older algorithms represents a potential security risk. If you disable this policy setting, Net Logon will not allow the ne
C location based on DNS names. If you enable this policy setting, this DC does not process incoming mailslot messages that are used for Ne
policy setting does not affect NetBIOS-based discovery for DC location if only the NetBIOS domain name is known. If you enable or do not
only address lookup to discover additional client IP addresses. To specify this behavior in the DC Locator DNS SRV records, click Enabled, an
g result in the following behaviors: 1 - Computers will ping DCs at the normal frequency. 2 - Computers will ping DCs at the higher frequen
r components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components
ttings item is enabled for administrators. Note: Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, r
CP/IP Setting dialog box. Note: This setting is superseded by settings that prohibit access to properties of connections or connection comp
Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.
uses. Selecting the check box enables the component, and clearing the check box disables the component. Note: When the "Prohibit acce
till delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.)
ose that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections availa
ences item is enabled for all users.
tions or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit acc
tion that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem
ators on post-Windows 2000 computers. If you disable this setting or do not configure it, the Properties button is enabled for administrato
rs on post-Windows 2000 computers. If you do not configure this setting, only Administrators and Network Configuration Operators can en
pears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the
ns folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard. Note: Changing this setting from Enabled
hreats. If you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and th
tions settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) cannot open the rem
users. The Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the conn
icking the icon representing the connection, by right-clicking it, or by using the File menu.
perties dialog box for a private connection. Important: If the "Enable Network Connections settings for Administrators" is disabled or not c
he "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or D
onfigured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections.

users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by
disabled. If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced
e "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on po

hrough the internal network. If you do not configure this policy setting, traffic between remote client computers running DirectAccess and
tting. If you disable or do not configure this policy setting, apps will use the Internet proxies auto-discovered by Windows Network Isolation

definitions are authoritative" policy setting. If you disable or do not configure this policy setting, Windows Network Isolation attempts to au

ource]|[cloudresource],[proxy]| For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043

their own files and folders for offline use). If you do not configure this policy setting, no files or folders are made available for offline use b
their own files and folders for offline use). If you do not configure this policy setting, no files or folders are made available for offline use b
Configuration. Both Computer and User configuration take precedence over a user's setting. This setting does not prevent users from setti
Configuration. Both Computer and User configuration take precedence over a user's setting. This setting does not prevent users from setti
cached files occupy to 10 percent of the space on the system drive. If you do not configure this setting, disk space for automatically cached

NTFS encryption or BitLocker Drive Encryption while on the server. The cached copy on the local computer is affected, but the associated n
records events when the local computer is connected and disconnected from the network. "3" also records an event when the server hos
records events when the local computer is connected and disconnected from the network. "3" also records an event when the server hos
separate the extensions with a semicolon (;). Note: To make changes to this setting effective, you must log off and log on again.
do not configure this setting, users can work offline by default, but they can change this option. This setting appears in the Computer Confi
do not configure this setting, users can work offline by default, but they can change this option. This setting appears in the Computer Confi
the setting in User Configuration. Tip: To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click t
the setting in User Configuration. Tip: To view the Offline Files Folder, in Windows Explorer, on the Tools menu, click Folder Options, click t
on. Tip: This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this
on. Tip: This setting provides a quick method for locking down the default settings for Offline Files. To accept the defaults, just enable this
computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
computers running Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista.
Offline" command is available for all files and folders. Notes: This policy setting appears in the Computer Configuration and User Configura
Offline" command is available for all files and folders. Notes: This policy setting appears in the Computer Configuration and User Configura
is in effect, the system disables the "Enable reminders" option on the Offline Files tab This setting appears in the Computer Configuration a
is in effect, the system disables the "Enable reminders" option on the Offline Files tab This setting appears in the Computer Configuration a

tion. Tip: To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, a
tion. Tip: To set reminder balloon frequency without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, a

ps / 100]. For example, if you want to set a threshold value of 128,000 bps, enter a value of 1280.
ter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence o
ter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence o
re current. If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a
re current. If you do not configure this setting and Synchronization Manager is configured for logon synchronization, the system performs a
is not performed.
is not performed.

figure the slow-link mode by specifying threshold values for Throughput (in bits per second) and/or Latency (in milliseconds) for specific UN
policy setting, the system limits the space that offline files occupy to 25 percent of the total space on the drive where the Offline Files cach
e synchronized with the server on a regular basis. You can also configure Background Sync for network shares that are in user selected Wor
y setting when the network connection to the server is slow. For example, you can configure a value of 60 ms as the round trip latency of t

on the same subnet. If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will publ
ications cannot use this cloud to publish or resolve names regardless of whether the computer has an IPv6 address that matches the cloud

tting, leave the seed server list empty, leave the checkbox unchecked. 2. In order to use a corporate seed server only, enable the setting; in
ng on the same subnet. If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will pu
ications cannot use this cloud to publish or resolve names regardless of whether the computer has an IPv6 address that matches the cloud

ng on the same subnet. If this setting is not configured, the protocol will revert to using a public registry key to determine whether it will pu
ications cannot use this cloud to publish or resolve names regardless of whether the computer has an IPv6 address that matches the cloud
If the user forgets their PIN, they must delete their existing PIN and create a new one, and they will have to to re-register with any service

rgot my PIN" from Settings.


dentials, but can performed elevated tasks without signing-out. This policy setting is incompatible with Windows Hello for Business creden
d drivers blocked due to compatibility issues. Note: This policy setting has no effect if the "Turn off Program Compatibility Assistant" policy

an specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individ
you can specify Not Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache clie
ttings are not applied to client computers by this policy. In the circumstance where client computers are domain members but you do not w
ou do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group Policy setting, and th
Select one of the following: - Not Configured. With this selection, BranchCache latency settings are not applied to client computers by this
nch office. If client computers detect hosted cache servers, hosted cache mode is turned on. If they do not detect hosted cache servers, h
s selection, this policy setting is not applied to client computers, and the clients run the version of BranchCache that is included with their
s applied. For this policy setting to take effect, you must also enable the "Turn on BranchCache" policy setting. This policy setting can only
, and then configure local computer policy to enable BranchCache client computer cache age settings on individual client computers. Beca

e any Windows Boot Performance problems that are handled by the DPS. If you do not configure this policy setting, the DPS will enable Wi
ble to detect, troubleshoot or resolve any Windows Standby/Resume Performance problems that are handled by the DPS. If you do not co
shoot or resolve any Windows System Responsiveness problems that are handled by the DPS. If you do not configure this policy setting, th
eshoot or resolve any Windows Shutdown Performance problems that are handled by the DPS. If you do not configure this policy setting, t
ng, the computer system safely shuts down to a fully powered-off state.

able the slide show feature.


able the slide show feature.

Policy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy settin
Policy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy settin
ether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and sna
ether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and sna
abled by default, although transcripting can still be enabled through the Start-Transcript cmdlet. If you use the OutputDirectory setting t
abled by default, although transcripting can still be enabled through the Start-Transcript cmdlet. If you use the OutputDirectory setting t
Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
uration policy setting.
uration policy setting.

Browse a common Web site to find printers" setting in User Configuration\Administrative Templates\Control Panel\Printers.
lication processes. Notes: -This policy setting applies only to applications opted into isolation. -This policy setting applies only to print driv
ck the General tab, and then click "Enable Web content in folders.") Also, see the "Activate Internet printing" setting in this setting folder a
art", click "Control Panel", and then click "Network and Internet". On the "Network and Internet" page, click "Network and Sharing Center"
n the Add Printer Wizard, and users cannot search the network but must type a printer name. Note: This setting affects the Add Printer W
f the client while decreasing the load on the server. If you do not enable this policy setting, the behavior is the same as disabling it. Note:

er's left pane" and "Activate Internet printing" settings in "Computer Configuration\Administrative Templates\Printers."
isabled upon installation of service packs or reinstallation of the Windows XP operating system. This policy does not apply to 64-bit kernel-
However, if users have not added a printer when this setting is applied, they cannot print. Note: You can use printer permissions to restrict

ou enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you disable or do not configure this policy setti

print servers approved by the network administrator. When using package point and print, client computers will check the driver signature o

print servers approved by the network administrator. When using package point and print, client computers will check the driver signature o
ular printer or group of printers that you want them to use. If you disable this setting or do not configure it, and the user does not type a lo
ties dialog box. If you enable the Group Policy Computer location setting, the default location you entered appears in the Location field by d
ction drivers need to be updated. If you do not configure this policy setting: -Windows Vista client computers can point and print to any s
ction drivers need to be updated. If you do not configure this policy setting: -Windows Vista client computers can point and print to any s

s policy setting takes effect without restarting the print spooler service.
t affected. -This policy setting takes effect without restarting the print spooler service.
fessional and Home SKUs will continue to search for compatible Point and Print drivers from Windows Update, if needed. However, you mu
nnot republish printers in Active Directory automatically, by default, the system never prunes their printer objects. You can enable this setti
Note: This setting is used only on domain controllers.

mber of retries. If you enable this setting, you can change the interval between attempts. If you do not configure or disable this setting, th
empt, its printers are pruned from the directory. If you enable this policy setting, the contact events are recorded in the event log. If you d

y disconnected from the network. Note: You can use the "Directory Pruning Interval" and "Directory Pruning Retry" settings to adjust the c
t prevent users from using other tools and methods to install or uninstall programs.

he Start menu.

setting is enabled, users cannot view the programs that have been published by the system administrator, and they cannot use the "Get Pr

that network adapter.

oubleshoot or resolve any Windows Resource Exhaustion problems that are handled by the DPS. If you do not configure this policy setting
er your computer" and "Reinstall Windows" (or "Return your computer to factory condition") in Recovery (in Control Panel) will be unavaila
er configuration settings that turn off hard disks after a period of inactivity. These power settings may be accessed in the Power Options Co

the Shutdown Event Tracker is displayed when you shut down a computer running a client version of Windows. (See "Supported on" for sup
perties in the Control Panel.
u do not configure this policy setting, application-based settings are used.

Users can also configure Remote Assistance settings. If you enable this policy setting, you have two ways to allow helpers to provide Remo
computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users o

ndows NT4 Server Endpoint Mapper Service. If you do not configure this policy setting, it remains disabled. RPC clients will not authentica
xtended error information. You must select an error response type in the drop-down box. -- "Off" disables all extended error information
ations that ask for delegation and connect to servers using constrained delegation. If you do not configure this policy setting, it remains dis
Proxy run on an older version of Windows, this policy setting will be ignored. The minimum allowed value for this policy setting is 90 secon
tting, it remains disabled. The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows
ffect on performance and uses only about 4K of memory, this setting is not recommended for most installations. -- "Auto1" directs RPC to
ipts complete. By default, each startup script must complete before the next one runs. Also, you can use the ""Run logon scripts synchrono
User Configuration.
User Configuration.

rs, DesktopIT and DesktopSales. For DesktopIT, GPOs A, B, and C are applied. Therefore, the scripts for GPOs B and C run in the following o
and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin: Within GPO B: B.ps1, B.cmd Within GPO C: C
and C are applied. Therefore, the scripts for GPOs B and C run in the following order for Qin: Within GPO B: B.ps1, B.cmd Within GPO C: C

available locally on their computers, even if they are connected to the Internet. They are prevented from connecting to the Microsoft serv
d in the control panel. If no local troubleshooting preference is configured, scheduled diagnostics are enabled for detection, troubleshooti

lution) must be used for the location of the index to maintain security for encrypted files.

the "Don't search the web or display web results in Search" policy setting, queries won't be performed on the web over metered connectio

mailboxes. The "Enable Indexing of Uncached Exchange Folders" policy has no effect on online delegate mailboxes. To stop indexing of onl
ook in cached mode.

name/_layouts/XXXX/searchresults.aspx?SearchString=$w This adds intranet search location to: 1) The Windows Deskbar 2) The Desktop
uld resemble the following, where XXXX is the locale ID of your WSS Service. For example, the English locale ID is 1033. http://sitename/_l

sion to install new components. If your users have Administrator permissions or can install software, this policy prevents them from specifi
l list of paths to index is not restored.

ng will have no effect. If you do not congifure this policy setting, the Security Center is turned off for domain members. If you enable this

tting, Server Manager is available from the Start menu or the Windows taskbar.
e this policy setting, Server Manager does not refresh automatically. If you do not configure this policy setting, Server Manager uses the ref

m:” and include the index of the image to use in the WIM file. For example “wim:\\server\share\install.wim:3”. If you disable or do not con

ll automatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose whether or not they want to shar
ll automatically be shared with Microsoft. If you do not configure this policy, Tablet PC users can choose whether or not they want to shar

ng File Explorer. Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting.
File Explorer. Note: Non-Microsoft applications with Windows 2000 or later certification are required to comply with this policy setting. N
s XP, and Windows 2003 Server will be shown, otherwise the the certificate with the expiration time furthest in the future will be shown. N
pt to read the default certificate from those cards that do not support retrieval of all certificates in a single call. Certificates other than the

e will be reversed. If you disable , the subject name will be displayed as it appears in the certificate.

th the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run

NMP Read operation is allowed for the community. If you disable or do not configure this policy setting, the SNMP service takes the Valid C
ermitted managers configured on the local computer instead. Best practice: For security purposes, it is recommended to restrict the HKLM
cy setting, the SNMP service takes the trap configuration configured on the local computer instead. Note: This setting has no effect if the SN

Denied message unless the file server is configured to display the customized Access Denied message. By default, users see the standard A
o, see the "Remove Recent Items menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder. T
: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab

ecifying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the "Use Personalized Menus"
skbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu.
t program in the Run dialog box.

C path, such as \\Server\Share\Layout.xml. If the specified file is not available when the user logs on, the layout won't be changed. Users c
C path, such as \\Server\Share\Layout.xml. If the specified file is not available when the user logs on, the layout won't be changed. Users c
utton on the Windows Security screen is also available. Note: Third-party programs certified as compatible with Microsoft Windows Vista, W
e Start menu. The Power button on the Windows Security and logon screens is also available.

ndows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system ad
he context menu when you right-click an icon representing a drive or a folder. This policy setting affects the specified user interface eleme

nu" and "Do not allow pinning programs to the Taskbar" policy settings.
dows. If you disable or do not configure this setting, the all apps list will be visible by default, and the user can change "Show app list in St
ttings in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Con

uently used files, folders, and websites. Note: The system saves document shortcuts in the user profile in the System-drive\Users\User-nam
t Menu, and users cannot remove it. If the setting is not configured, users can turn the Recent Items menu on and off. Note: This setting d
artitions. FAT partitions do not have this ID tracking and search capability. Also, see the "Do not track Shell shortcuts during roaming" and t
es on NTFS partitions. FAT partitions do not have this ID tracking and search capability. Also, see the "Do not track Shell shortcuts during ro
mand in the Start menu and in Task Manager and use the Internet Explorer Address Bar. Note:This setting affects the specified interface on
"Disable Control Panel," "Disable Display in Control Panel," and "Remove Network Connections from Start Menu" policy settings.

Default Programs control panel.

profiles, the folders appear in the directory but not on the Start menu. If you disable this setting or do not configured it, Windows 2000 Pr
, and the user can change the view.

custom toolbars, and the "Toolbars" command appears in the context menu.

ou disable or do not configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu

methods to log off. Tip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the S

e" policy setting is enabled, the "Turn off System Restore configuration" policy setting is overwritten.
y setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setti
policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able
policy, application auto complete lists will appear next to Input Panel in applications where the functionality is available. Users will be able
setting on the Opening tab in Input Panel Options. Caution: If you enable both the “Prevent Input Panel from appearing next to text entry
setting on the Opening tab in Input Panel Options. Caution: If you enable both the “Prevent Input Panel from appearing next to text entry
this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel will appear next to text entry areas in app
this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel will appear next to text entry areas in app
put Panel Options dialog box. If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this b
put Panel Options dialog box. If you do not configure this policy, Input Panel will appear next to text entry areas in applications where this b
g in the Input Panel Options dialog box. If you enable this policy and choose “Medium-Low” from the drop-down box, password security i
g in the Input Panel Options dialog box. If you enable this policy and choose “Medium-Low” from the drop-down box, password security i
converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this policy, rare
converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable this policy, rare
ant," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will no
ant," users will be able to use the Z-shaped scratch-out gesture that was available in Microsoft Windows XP Tablet PC Edition. Users will no
ble to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel will provide text predictio
ble to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, Input Panel will provide text predictio
the user opens appear in the menus, including files located remotely on another computer. Note: This setting does not prevent Windows

calendar will be set according to the default logic.


g any program into the Scheduled Tasks folder. To prevent this action, use the "Prohibit Drag-and-Drop" setting. Note: This setting appears
g any program into the Scheduled Tasks folder. To prevent this action, use the "Prohibit Drag-and-Drop" setting. Note: This setting appears
hecked by default even if this setting is Disabled or Not Configured. Note: This setting appears in the Computer Configuration and User Con
hecked by default even if this setting is Disabled or Not Configured. Note: This setting appears in the Computer Configuration and User Con
Configuration takes precedence over the setting in User Configuration.
Configuration takes precedence over the setting in User Configuration.
ecedence over the setting in User Configuration. Tip: This setting affects existing tasks only. To prevent users from changing the properties
ecedence over the setting in User Configuration. Tip: This setting affects existing tasks only. To prevent users from changing the properties

outer name is not resolved successfully, ISATAP connectivity is not available on the host using the corresponding IPv4 address. Policy Enab

v4 address is present, the host will not have a 6to4 interface. If no global IPv6 address is present and a global IPv4 address is present, the h

computer. The default refresh rate is 30 seconds.

nformation). Servers running Windows Server 2008 do not display wallpaper by default to Remote Desktop Services sessions.
f an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote compu
rs can start any program on the RD Session Host server when they start a Remote Desktop Services session. For example, a remote user ca
perience tab in Remote Desktop Connection (RDC) or by using the "allow desktop composition" setting in a Remote Desktop Protocol (.rdp)
do not configure this policy setting, you can configure the RD Session Host server to participate in RD Connection Broker load balancing by

m before the time limit is reached, the user will reconnect to the disconnected session on the RD Session Host server. If you disable or do n
m before the time limit is reached, the user will reconnect to the disconnected session on the RD Session Host server. If you disable or do n
Protocol (.rdp) file. If you enable this policy setting, font smoothing will not be allowed for remote connections, even if font smoothing is

e client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that co
mote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client. If you do not configure this po
secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not r
alog box, look for the phrase Network Level Authentication supported. If you disable this policy setting, Network Level Authentication is no
certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollme
cify an alternate authentication method, the authentication method that you specify in this policy setting is used by default. If you disable
To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" p
used. To allow users to overwrite the "Set RD Gateway server address" policy setting and connect to another RD Gateway server, you mus
xperience tab in Remote Desktop Connection.
color depth for connections is not specified at the Group Policy level. Note: 1.Setting the color depth to 24 bits is only supported on Wind

etting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed. Note: You can limit whi
on the Display Settings tab in the Remote Desktop Session Host Configuration tool.
Desktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies.
he computer field name or from the command line.
terval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999. If you disab
ain as the RD Session Host server. If you disable or do not configure this policy setting, the RD Session Host server does not specify a licens
n Host server after you log on as a local administrator.
fied at the Group Policy level.
want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. If the status is set to Enabled
ssion. This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remai

n: Allows the administrator to watch the session of a remote user without the user's consent. If you disable this policy setting, administrat
n: Allows the administrator to watch the session of a remote user without the user's consent. If you disable this policy setting, administrat

ath and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to
ath and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to
Note: The preferred method of managing user access is by adding a user to the Remote Desktop Users group.
o the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client conn
as, because Remote Desktop Services automatically appends this at logon. Note: The Drive Letter field is ignored if you choose to specify a
work share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop
Services Roaming User Profile" policy setting.
he exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of
group is empty. If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Sessio
n, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following: * A client connecting to a W
ws Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when conn
e audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a
edirection is allowed. If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is spe

he client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Rem
he client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Rem
board file copy redirection is always allowed if Clipboard redirection is allowed. If you do not configure this policy setting, client drive redir

er.If you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is ru

able driver. If one is not found, the client's printer is not available. This is the default behavior. "Default to PCL if one is not found" - If no su

mmunication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services.
in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Des
s policy setting, the farm name is not specified at the Group Policy level. Notes: 1. This policy setting is not effective unless both the Join R
setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a clien
r do not configure this policy setting, the policy setting is not specified at the Group Policy level. Notes: 1. For Windows Server 2008, this p
ny session that reaches its time-out limit. If you disable this policy setting, Remote Desktop Services always disconnects a timed-out sessio
ny session that reaches its time-out limit. If you disable this policy setting, Remote Desktop Services always disconnects a timed-out sessio
enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session,
enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session,
level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. If you want Remote
level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. If you want Remote
ote Desktop Services allows sessions to remain active for an unlimited amount of time. If you want Remote Desktop Services to end instea
ote Desktop Services allows sessions to remain active for an unlimited amount of time. If you want Remote Desktop Services to end instea
te computer at logoff, unless specified otherwise by the server administrator. Note: This setting only takes effect if per-session temporary f
er's profile folder on the remote computer. If you disable this policy setting, per-session temporary folders are always created, even if the

tly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. If you disable th
y directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. If you dis
nfiguration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination
figuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination o
rompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration. If you disable or do not configure
r to connect to the RD Session Host server without authenticating the RD Session Host server. Do not connect if authentication fails: The cl
ndwidth than high quality. If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechan

orithm that balances memory usage and bandwidth is used. You can also choose not to use an RDP compression algorithm. Choosing not t

U enabled, the policy has to be set on the Hyper-V host machine. If you set the encoding option to “Attempt only for non-RemoteFX vGPU

a rich user experience over LAN connections and RDP 7.1. If you disable this policy setting, RemoteFX will be disabled. If you do not config
for image quality. By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN c
odec will not be able to connect to this server. This policy setting applies only to clients that are using Remote Desktop Protocol (RDP) 7.1,
when setting up the default connection URL. If you disable or do not configure this policy setting, the user has no default connection URL.
will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-

ects only the default graphics processing unit (GPU) on a computer with more than one GPU installed. All additional GPUs are considered s

system managed TPM authentication setting you choose. Choose the operating system managed TPM authentication setting of "Full" to s
ows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigati
policy setting to configure the Group Policy list of blocked TPM commands. If you disable or do not configure this policy setting, Windows
mands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
ed. Authorization failures older than this duration are ignored. For each standard user two thresholds apply. Exceeding either threshold w
rization failure occurred. Authorization failures older than the duration are ignored. For each standard user two thresholds apply. Exceedin
ating an authorization failure occurred. Authorization failures older than the duration are ignored. For each standard user two thresholds a
s, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was on

custom templates in the settings template catalog. If there are custom templates in the settings template catalog which use the same ID as
setting should not be disabled. If you do not configure this policy setting, any defined values will be deleted.
setting should not be disabled. If you do not configure this policy setting, any defined values will be deleted.

rom the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting should not be disabl
rom the synchronization settings. If any of the Microsoft Office Suite 2016 applications are enabled, this policy setting should not be disabl
this policy setting, any defined values will be deleted.
this policy setting, any defined values will be deleted.

uite 2016 applications continue to synchronize with UE-V. If you disable this policy setting, user settings which are common between the M
uite 2016 applications continue to synchronize with UE-V. If you disable this policy setting, user settings which are common between the M
ynchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ynchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
tion with UE-V. If you do not configure this policy setting, any defined values will be deleted.
tion with UE-V. If you do not configure this policy setting, any defined values will be deleted.
uded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
uded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ttings are excluded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ttings are excluded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
m synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
m synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
cluded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
cluded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ation with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ation with UE-V. If you do not configure this policy setting, any defined values will be deleted.
onization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
onization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
rom the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting should not be disabl
rom the synchronization settings. If any of the Microsoft Office Suite 2013 applications are enabled, this policy setting should not be disabl

this policy setting, any defined values will be deleted.


this policy setting, any defined values will be deleted.
uite 2013 applications continue to synchronize with UE-V. If you disable this policy setting, user settings which are common between the M
uite 2013 applications continue to synchronize with UE-V. If you disable this policy setting, user settings which are common between the M
ynchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ynchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ed from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ed from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
tion with UE-V. If you do not configure this policy setting, any defined values will be deleted.
tion with UE-V. If you do not configure this policy setting, any defined values will be deleted.
uded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
uded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ttings are excluded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ttings are excluded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
m synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
m synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
cluded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
cluded from synchronization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ffice 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V. If you do not configure this policy setting, an
ffice 365 SharePoint Designer 2013 user settings are excluded from synchronization with UE-V. If you do not configure this policy setting, an
ation with UE-V. If you do not configure this policy setting, any defined values will be deleted.
ation with UE-V. If you do not configure this policy setting, any defined values will be deleted.
onization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
onization with UE-V. If you do not configure this policy setting, any defined values will be deleted.
rom the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabl
rom the synchronization settings. If any of the Microsoft Office Suite 2010 applications are enabled, this policy setting should not be disabl
m the settings synchronization. If you do not configure this policy setting, any defined values will be deleted.
m the settings synchronization. If you do not configure this policy setting, any defined values will be deleted.
ed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data betw
ed for settings sync. This could use OneDrive, Work Folders, SharePoint or any other engine that uses a local folder to synchronize data betw
ble this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtua
ble this policy setting on computers running in a non-persistent VDI environment. The VDI Collection Name defines the name of the virtua
ngs configuration in Windows.
ngs configuration in Windows.
any Settings Center remains accessible through the Control Panel and the Start menu or Start screen. If you do not configure this policy se

this policy setting, only the user is given full control of their user profile, and the administrators group has no file system access to this fold
for the correct permissions if the profile folder already exists, and not copy files to or from the roaming folder if the permissions are not co
f you disable or do not configure this policy setting, the system uses the definitions introduced with Windows 2000. %HOMESHARE% store
e or do not configure this policy setting, Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the use
the speed of the connection between the user's computer and profile server. If the connection is slow (as defined by the "Slow network co
le before Windows detects the network connection speed. If you disable or do not configure this policy setting, the system does not consu
Files folders are excluded from the user's roaming profile. In operating systems earlier than Microsoft Windows Vista, only the History, Loca
rs when profiles are deleted from the machine. This will improve the performance of Group Policy based Software Installation during user
operating systems earlier than Microsoft Windows Vista, Windows will not allow users to log off until the profile size has been reduced to w
rofile, rather than the roaming profile. At logoff, changes are saved to the local profile. All subsequent logons use the local profile. If you d
value is 30 seconds. To use this policy setting, type the number of seconds Windows should wait for user input. The minumum value is 0 se
of roaming profiles" policy setting.
attempts 60 times (over the course of one minute). If you enable this policy setting, you can adjust the number of times the system tries t
with the server (roaming) copy when the user logs off. If you disable or not configure this policy setting, the default behavior occurs, as in
e user is consulted (as set in the "Prompt user when slow link is detected" policy setting), but does not respond in the time allowed (as set
etting, Windows considers the network connection to be slow if the server returns less than 500 kilobits of data per second or take 120 mil

work paths are accessible. Note: You should not use this policy setting to suspend any of the root redirected folders such as Appdata\Roam
egistry at logoff, even if there are any open handles to the per-user registry keys at user logoff.
the network. If you disable or do not configure this policy setting, Windows waits for the network for a maximum of 30 seconds.
h specified in this policy. If you disable or do not configure this policy setting, users logging on this computer will use their local profile or st
user is logged on. If "Run at specified time of day" is chosen, then a time of day must be specified. Once set, Windows uploads the registr
tion apps (not desktop apps) that have the enterprise authentication capability will not be able to retrieve the user's UPN, SIP/URI, and DN

user has a roaming profile, the roaming profile is downloaded on the user's primary computer only. If you disable or do not configure this
specify a placeholder for the user name because the user name will be appended at logon. Note: The Drive letter box is ignored if you cho
cceed. More information about setting up AD DS backup for BitLocker is available on Microsoft TechNet. BitLocker recovery information inc
8-digit recovery password as a text file and the 256-bit recovery key as a hidden file. Saving to a folder will store the 48-digit recovery pass
setup wizard will display the computer's top-level folder view when the user chooses the option to save the recovery password in a folder.
gure this policy setting, BitLocker will use the default encryption method of AES 128-bit with Diffuser or the encryption method specified b
e bit strength (128-bit or 256-bit) as the "Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Win
. If you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the "Choose

ery screen. If a recovery URL is available, include it in the message. If you select the "Use custom recovery URL" option, the URL you type i

vailable on the drive. If you enable this policy setting, users can configure a password that meets the requirements you define. To enforce

when the identification field on the drive matches the value configured in the identification field. In a similar manner, BitLocker will only up
d for BitLocker. If you enable this policy setting, the object identifier specified in the "Object identifier" box must match the object identifie
s ignored. The setting that controls boot debugging (0x16000010) will always be validated and will have no effect if it is included in the pro
f BitLocker recovery information" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a
gure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
ash drive containing a startup key is needed on computers without a compatible TPM. Without a TPM, BitLocker-encrypted data is protecte
ted the access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable or if you have forgotten the pass
he information exchanged with the server to unlock the computer. You can use the group policy setting "Computer Configuration\Window
her the recovery password or recovery key be provided to unlock the drive. If you disable or do not configure this policy setting, the TPM u
PCR profile for computers using native UEFI firmware. If you enable this policy setting before turning on BitLocker, you can configure the b
S configurations or computers with UEFI firmware with a CSM enabled. If you enable this policy setting before turning on BitLocker, you ca
kout period back to default if the TPM is reset.
ocker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by defau
ot turn on BitLocker on a device that uses the Windows touch keyboard. Note that if you do not enable this policy setting, options in the "

. When this policy is enabled and the hardware is capable of using Secure Boot for BitLocker scenarios, the "Use enhanced Boot Configura
ether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. Select "Omit recovery
drive. If you enable this policy setting, users can configure a password that meets the requirements you define. To require the use of a pas

d fixed drives" check box to help prevent users from running BitLocker To Go Reader from their fixed drives. If BitLocker To Go Reader (bitlo
policy setting, smart cards can be used to authenticate user access to a BitLocker-protected drive.
gure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
annot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default when
" select whether users are allowed, required, or not allowed to generate a 48-digit recovery password or a 256-bit recovery key. Select "Om
nding BitLocker protection. If you do not configure this policy setting, users can use BitLocker on removable disk drives. If you disable this
ng, users can configure a password that meets the requirements that you define. To require the use of a password, select "Require passwor
our organization" policy setting. If you disable or do not configure this policy setting, all removable data drives on the computer will be mo
AT formatted removable drives" check box to help prevent users from running BitLocker To Go Reader from their removable drives. If BitLoc
onfigure this policy setting, smart cards are available to authenticate user access to a BitLocker-protected removable data drive.
gure this policy setting, the BitLocker setup wizard will ask the user to select the encryption type before turning on BitLocker.
cker cannot use hardware-based encryption with operating system drives and BitLocker software-based encryption will be used by default
eriod This parameter indicates how many consistent time samples the client computer must receive in a series before subsequent time sam
Type This value controls the authentication that W32time uses. The default value is NT5DS. CrossSiteSyncFlags This value, expressed as

etwork or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional n
ons to either the Internet or to a Windows domain, Windows disconnects the less preferred connection when the amount of network traffi
eleted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
If you do not configure this policy setting, the DPS enables all scenarios for resolution by default, unless you configure separate scenario-sp

vice will remain running. If both are disabled, the service will be stopped.

f you disable this setting, definition retirement will be disabled.


other value, or if the value does not exist, resolves to the default (0). If you enable this setting, the specified type of monitoring will be ena
ources will be contacted in a default order.

tion state of the device. Setting to 2 (Never send) means the “Block at First Sight” feature will not function. Real-time Protection -> The “Sc

identify you or contact you. Possible options are: (0x0) Disabled (default) (0x1) Basic membership (0x2) Advanced membership Basic me

false positives) (0x4) High+ blocking level – aggressively block unknowns and apply additional protection measures (may impact client pe

tting. Default system folders are automatically guarded, but you can add folders in the configure protected folders GP setting.
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 0 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 1 xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx 2

usted. You can add additional trusted applications in the Configure allowed applications GP setting.

hat are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box s
ck Open. Note: In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style.
ndows 2000 or later certification to adhere to this setting.
at are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box sty
able the Active Desktop and Web view. This setting will also take precedence over the "Enable Active Desktop" setting. If both policies are e
indows\CurrentVersion\Shell Extensions\Approved.
t target path. If you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target fil

ss these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive charac
om lists of network resources, use the "No Computers Near Me in Network Locations" setting. Note: It is a requirement for third-party app

er's default context menu" setting.


nly available on Windows XP Professional.
ote: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.

es with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it mi

Start menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu an

xplaining that a setting prevents the action. Also, this setting does not prevent users from using programs to access local and network driv

ng the share name in the Run dialog box or the Map Network Drive dialog box. To remove network computers from lists of network resour
tallation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might comple

set of folders. If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited
set of folders. If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited

e shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet se
n" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search site
are different. Note: If the paths point to different network shares, this policy setting is not required. If the paths point to the same netwo

es. If you enable this policy, Windows Libraries features that rely on indexed file data will be disabled. If you disable or do not configure th
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu
er. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same bu

th the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run

ride default file type and protocol associations.

on Windows Server 2003.


d file change detection that Windows File Protection provides.
Note: You define entries in this list by using Security Descriptor Definition Language (SDDL) strings. For more information about the SDDL fo
st, enable the policy setting and then click the Show button. To add a program, enable the policy setting, note the syntax, click the Show bu
all with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in
n your DNS domain network" policy setting overrides.
settings that allow unsolicited incoming messages. In the Windows Defender Firewall component of Control Panel, the "Block all incoming
y of these ports by adding them to a local port exceptions list, Windows Defender Firewall does not open the port. In the Windows Defend
he listed incoming and outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send tho
to the folder containing the log file. Default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log. If you disable t
Defender Firewall component of Control Panel, the "Notify me when Windows Defender Firewall blocks a new program" check box is sele
on, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the lo
urity snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Comp
olicy setting does not control connections to SVCHOST.EXE and LSASS.EXE. If you enable this policy setting, Windows Defender Firewall allo
exceptions list, Windows Defender Firewall does not open the port. In the Windows Defender Firewall component of Control Panel, the "R
nt by this computer. Windows Defender Firewall always permits those DHCP unicast responses. However, this policy setting can interfere w
and Play messages. If an administrator attempts to open these ports by adding them to a local port exceptions list, Windows Defender Fir
st, enable the policy setting and then click the Show button. To add a program, enable the policy setting, note the syntax, click the Show bu
all with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in
n your DNS domain network" policy setting overrides.
settings that allow unsolicited incoming messages. In the Windows Defender Firewall component of Control Panel, the "Block all incoming
y of these ports by adding them to a local port exceptions list, Windows Defender Firewall does not open the port. In the Windows Defend
he listed incoming and outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send tho
to the folder containing the log file. Default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log. If you disable t
Defender Firewall component of Control Panel, the "Notify me when Windows Defender Firewall blocks a new program" check box is sele
on, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the lo
urity snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Comp
olicy setting does not control connections to SVCHOST.EXE and LSASS.EXE. If you enable this policy setting, Windows Defender Firewall allo
exceptions list, Windows Defender Firewall does not open the port. In the Windows Defender Firewall component of Control Panel, the "R
nt by this computer. Windows Defender Firewall always permits those DHCP unicast responses. However, this policy setting can interfere w
and Play messages. If an administrator attempts to open these ports by adding them to a local port exceptions list, Windows Defender Fir

ndows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and p

fessional operating systems.

rom the Internet check box.


e Player to full mode and cannot choose a different skin. If you disable or do not configure this policy setting, users can display the Player i
e entire Network tab is hidden. This policy is ignored if the "Streaming media protocols" policy setting is enabled and HTTP is not selected.
tting is enabled and Multicast is not selected. If you disable this policy setting, the MMS proxy server cannot be used and users cannot con
d users cannot change the RTSP proxy settings. If you do not configure this policy setting, users can configure the RTSP proxy settings.

tab is selected. If you enable this policy setting, the administrator must also specify the protocols that are available to users on the Netwo
o run" policy setting. Note: This policy setting is available under both Computer Configuration and User Configuration. If both are present,
o run" policy setting. Note: This policy setting is available under both Computer Configuration and User Configuration. If both are present,

ns on the addresses specified by the IPv4 and IPv6 filters. The IPv4 filter specifies one or more ranges of IPv4 addresses, and the IPv6 filter

then disable this policy setting,any values that were previously configured for RunAsPassword will need to be reset.

channel binding token is accepted (though it is not protected from credential-forwarding attacks). If HardeningLevel is set to None, all req

nd Internet products that you can download to keep your computer up to date. Also, see the "Remove links and access to Windows Updat
licy setting has no impact if the User Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Ins
licy setting has no impact if the Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not displa
move all access to Windows Update features and no notifications will be shown. 1 = Show restart required notifications This setting will sh
eady to be installed Windows finds updates that apply to the computer and downloads them in the background (the user is not notified or
om an alternate download server instead of the intranet update service. If the status is set to Enabled, the Automatic Updates client conne

anges. There are two situations where the effect of this setting depends on the operating system: Hide/Restore updates, and Cancel an ins

w me later" to defer the notification as appropriate. In Windows 7, this policy setting will only control detailed notifications for optional app
he system is on battery power, when Windows Update wakes it up, it will not install updates and the system will automatically return to hib
tomatic Updates is configured to perform scheduled installations of updates. If the "Configure Automatic Updates" policy is disabled, this p

bled, this policy has no effect.


r is directed to is configured to support client-side targeting. If the "Specify intranet Microsoft update service location" policy is disabled or
cy setting. Note: This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.

n through Settings -> Update and Security -> Windows Insider Program. Admins can also use other policies to manage flight settings on beh
ted): Receive feature updates when they are released to the general public. * Semi-Annual Channel: Feature updates will arrive when they

edule) to automatically executed, within the specified period. If no deadline is specified or deadline is set to 0, the restart will not be autom

native, or Windows 2000 mixed functional level domains, if you enable this setting, a warning message will appear that Windows could no
on hours expiration warnings” setting will have no effect, and users receive no warnings about logon hour expiration
he existing session, but cannot log on to a new session. Note: If you configure this setting, you might want to examine and appropriately c

the system displays the Explorer interface. Tip: To find the folders indicated by the Path environment variable, click System Properties in C
d services are available. If this policy setting is disabled, both "Connect to suggested open hotspots," "Connect to networks shared by my c

not configure this policy setting, Work Folders uses the "Force automatic setup" option of the "Specify Work Folders settings" policy setting
pecified. The "Force automatic setup" option specifies that Work Folders should be set up automatically without prompting users. This pre

mputer will connect to WNS at user login and applications will be allowed to poll for tile notification updates in the background. No reboo

ndows apps are not allowed to access cellular data and employees in your organization cannot change it. If you disable or do not configure
rams" setting or the "Hide Add New Programs page" setting is enabled.

can still install programs by using other methods, and they can view and install assigned (partially installed) programs that are offered on th

ts the wizard, that option is selected automatically, and the page is bypassed. To remove "Set up services" and prevent the Windows Comp

bit installers or other 16-bit components cannot run. If the status is set to Disabled, the MS-DOS subsystem runs for all users on this comp

ovide mitigations for application problems. If the engine is turned off, these mitigations will not be applied to applications and their installe

CA, go to System->Troubleshooting and Diagnostics->Application Compatibility Diagnostics. Note: The Diagnostic Policy Service (DPS) and P

2. Allows image copying. - 3. Allows both text and image copying. If you disable or don't configure this setting, all clipboard functionality is

hange it. If you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can acce
ot configure this policy setting, employees in your organization can decide whether Windows apps can access the calendar by using Setting
not configure this policy setting, employees in your organization can decide whether Windows apps can access the call history by using Setti
nfigure this policy setting, employees in your organization can decide whether Windows apps can access the camera by using Settings > Pr
policy setting, employees in your organization can decide whether Windows apps can access contacts by using Settings > Privacy on the de
ng, employees in your organization can decide whether Windows apps can access email by using Settings > Privacy on the device. If an app
olicy setting, employees in your organization can decide whether Windows apps can access location by using Settings > Privacy on the devi
r do not configure this policy setting, employees in your organization can decide whether Windows apps can read or send messages by usin
disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access the microphon
t configure this policy setting, employees in your organization can decide whether Windows apps can access motion data by using Settings
ot configure this policy setting, employees in your organization can decide whether Windows apps can access notifications by using Setting
ure this policy setting, employees in your organization can decide whether Windows apps can make phone calls by using Settings > Privacy
or do not configure this policy setting, employees in your organization can decide whether Windows apps have access to control radios by u
unpaired wireless devices and employees in your organization cannot change it. If you disable or do not configure this policy setting, emplo
, employees in your organization can decide whether Windows apps can access tasks by using Settings > Privacy on the device. If an app is
ble or do not configure this policy setting, employees in your organization can decide whether Windows apps can access trusted devices by
ble or do not configure this policy setting, employees in your organization can decide whether Windows apps can run in the background by
wed to get diagnostic information about other apps and employees in your organization cannot change it. If you disable or do not configure

the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the
sh, select 0. User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
sh, select 0. User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
sh, select 0. User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
sh, select 0. User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
sh, select 0. User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).

this policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile.

ardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.
ardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.

dler over the file type. If you do not configure this policy setting, Windows uses its default trust logic, which prefers the file handler over th
types. If you disable this policy setting, Windows sets the default risk level to moderate. If you do not configure this policy setting, Window

Command line arguments can contain sensitive or private information such as passwords or user data.
ehavior of automatically executing the autorun command. If you disable or not configure this policy setting, Windows Vista or later will pro
ehavior of automatically executing the autorun command. If you disable or not configure this policy setting, Windows Vista or later will pro

ure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration fo
ure this policy setting, AutoPlay is enabled. Note: This policy setting appears in both the Computer Configuration and User Configuration fo

e of 90 (days) will be used for the inactive job timeout.

d base the limit on the speed of the network link, not the computer's network interface card (NIC). This policy setting does not affect Peerc
5:00 P.M. on Monday through Friday, and then set the limit to 512 Kbps for nonwork hours. If you disable or do not configure this policy se
d. Note: The bandwidth limits that are set for the maintenance period supersede any limits defined for work and other schedules.
client" policy settings, it is possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the

ure it, the default value of 30 percent of the slowest active network interface will be used. Note: This setting has no effect if the "Allow BIT
- Transfer unless surcharge applies (when not roaming or overcap) - Transfer unless nearing limit (when not roaming or nearing c

e default lock screen image and will be able to select another image, unless you have enabled the "Prevent changing lock screen image" po

e separate policies to configure it.


Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Con
Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence over the setting in User Con

sonalization. Note: For Windows Vista, Windows Server 2008, and earlier versions of Windows, the module name should be entered, for e

2008, and earlier versions of Windows, the module name, for example timedate.cpl or inetcpl.cpl, should be entered. If a Control Panel item
at page to appear. After this, the policy string must contain a semicolon-delimited list of settings page identifiers. The identifier for any give
"Prevent changing Screen Saver" setting.
mputer to which this setting applies, the setting is ignored. Note: This setting can be superseded by the "Enable Screen Saver" setting. If the
tting. Note: To remove the Screen Saver dialog, use the "Prevent changing Screen Saver" setting.
creen Saver dialog in the Personalization or Display Control Panel is used. The default is 15 minutes.

ndows Classic visual style, leave the box blank beside "Path to Visual Style:" and enable this setting. When running Windows 8 or Windows

o Enterprise, Education, and Server SKUs.

If you don't configure this policy setting on a domain-joined device, a user cannot change the amount of time after the device's screen tu

e: The "Allow delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents t
g the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fa
pal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard is perm
e Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard
more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a sing
ed credentials is not permitted to any machine. Note: The "Allow delegating saved credentials with NTLM-only server authentication" polic
rces.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.co
esources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrika
on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.human
ting applications must use Restricted Admin to connect to remote hosts. If you disable or do not configure this policy setting, Restricted Ad
the priority of the process in which programs run.

ow Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data. A value of 3 (Full) send
ow Windows, Windows Server, System Center, and apps are used, how they perform, and advanced reliability data. A value of 3 (Full) send

to send Full, Basic, or Security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diag

. If you add an appid to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server. If you ad

r is displayed. However, users can select the wallpaper of their choice. Also, see the "Allow only bitmapped wallpaper" in the same locatio
ee pane, and Web views, unless restricted by another setting. If you do not configure this setting, the default is to display Computer as usu

The "Enabled with UEFI lock" option ensures that Virtualization Based Protection of Code Integrity cannot be disabled remotely. In order
he setting, or 2) disable the setting and then remove the policy from each computer, with a physically present user.
enticode certificates.

icy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the rem

enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop

olicy setting, Windows can install and update device drivers for removable devices as allowed or prevented by other policy settings.

refuse to install unsigned files. As a result, the installation stops, and none of the files in the driver package are installed. To change driver fi

er in which Windows searches source locations for device drivers.

soft Management Console. Note: For Windows Server systems, this policy setting applies only if the Desktop Experience optional compon
y is not configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. This p

n next boot. If you do not configure this policy setting, the default behavior is to turn on support for the NV cache.

olicy setting. Otherwise, the system uses the physical space on the volume as the quota limit. Note: To turn on or turn off disk quota mana
es, but they can continue to write to the volume as long as physical space is available. Note: This policy setting overrides user settings that
ar users (on the Quota tab in Volume Properties). If you disable or do not configure this policy setting, the disk space available to users is n
to log an event, regardless of whether or not you choose to enforce the disk quota limit. Also, this policy setting does not affect the Quota
heir status in the Quota Entries window changes. Note: To find the logging option, in My Computer, right-click the name of an NTFS file syst

hich it is joined.
ive this policy setting. For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specifi
stration of the corresponding A records was successful. If you disable this policy setting, or if you do not configure this policy setting, comp

if you do not configure this policy setting, DNS clients maintain their default behavior and will attempt to replace conflicting A resource rec
A and PTR resource records. To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value

delimited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes. If you enable this polic

volution is not enabled if a global suffix search list is configured using Group Policy. If a global suffix search list is not configured, and the Ap
ol (TCP/IP) Properties dialog box. Devolution is not enabled if a global suffix search list is configured using Group Policy. If a global suffix sea

x, and a DNS suffix search list. If attaching suffixes is allowed, and a DNS client with a primary domain suffix of "contoso.com" performs a q

n off smart multi-homed name resolution policy setting is disabled or not configured.
tting will not take effect until the user logs off.

to choose which boot-start drivers to initialize the next time the computer is started. If you disable or do not configure this policy setting,

not configured (even if users have changed settings by using Control Panel). If you enable this policy setting, you can configure the followin
ssional Edition, and disable notification by default on computers that are running Windows Server. See also the Configure Error Reporting p

n Control Panel. The default setting in Control Panel is Upload all applications. This policy setting is ignored if the Configure Error Reporting
pplications on this list setting takes precedence. If an application is listed both in the List of applications to always report errors for policy se
how Contents dialog box. The file names must include the .exe file name extension (for example, notepad.exe). Errors that are generated b
s by default.
s by default.
between solution check reminders determines the interval time between the display of system notifications that remind the user to check
g the Solutions to Problems page in Control Panel. The Maximum number of reports to queue setting determines how many reports can be
quested by Microsoft. - 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data req
quested by Microsoft. - 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data req

on is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft. - Send all
on is sent automatically, and Windows prompts the user for consent to send any additional data that is requested by Microsoft. - Send all

access the XML file, otherwise the settings will not be applied. Enabled Specify the location of the XML file in the Options section. You ca
ble. If you enable this setting, the recovery behavior for corrupted files will be set to either the regular (default), silent, or troubleshooting
gure this policy setting, the only Windows Runtime applications that can revoke access to all enterprise-protected content on the device ar

hen it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
ed files if the network or server holding the redirected files becomes unavailable. Note: If one or more valid folder GUIDs are specified in t

hen it processes a legacy redirection policy already deployed for these folders in your existing localized environment.
he path to a redirected folder is changed and Folder Redirection is configured to move the content to the new location, Windows copies th
u disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the u
u disable or do not configure this policy setting and the user has redirected folders, the folders are redirected on every computer that the u

e configured with the Services snap-in to the Microsoft Management Console. No system restart or service restart is required for this polic

cy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine
cy setting is enabled at the machine level, it cannot be disabled by a per-user policy setting. If this policy setting is disabled at the machine

ocale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. If this policy setting is enabl
ocale installed on the computer, unless restricted by the "Disallow selection of Custom Locales" policy setting. If this policy setting is enabl

f this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies. To set this policy on a per-u
f this policy is set to Not Configured at the computer level, then restrictions will be based on per-User policies. To set this policy on a per-u

ts value via PC Settings. If this policy is not configured, the user may configure the speech, inking, and typing personalisation setting via PC
ng preceded by 19, that is, 1930 to 1999. If you disable or do not configure this policy setting, Windows does not interpret two-digit year fo
t not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information. If you en
t not be available for all languages, even when handwriting personalization is available. See Tablet PC Help for more information. If you en

aults that originate from the Active Template Library (ATL) thunk layer. PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x0000
aults that originate from the Active Template Library (ATL) thunk layer. PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x0000

behavior.) The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from the do
oreground behavior.) The slow link value that is defined in this policy setting determines how long Group Policy will wait for a response from

en Group Policy detects a slow network connection, Group Policy will only process those client side extensions configured for processing ac
direction and Drive Maps preference extension will not be applied. Note: There are two conditions that will cause Group Policy to be pro

ble this policy setting, the behavior is exactly the same as in Windows 2000: user policy is applied, and a roaming user profile is allowed fro
mitted across a slow network connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Pro
odic background processing" option prevents the system from updating affected policies in the background while the computer is in use. W
g" option prevents the system from updating affected policies in the background while the computer is in use. When background updates a
network connection, such as a telephone line. Updates across slow connections can cause significant delays. The "Process even if the Grou
nt delays. The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the bac
The "Do not apply during periodic background processing" option prevents the system from updating affected policies in the background w
on updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated on
updating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not
bjects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementations sp
essing" option prevents the system from updating affected policies in the background while the computer is in use. When background upd
ption prevents the system from updating affected policies in the background while the computer is in use. When background updates are d
gging" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.
gging" policy setting in Computer Configuration\Administrative Templates\System\GroupPolicy.
l ADM files for the Group Policy Object Editor" is enabled, the state of this setting is ignored and always treated as Enabled.

cy setting, you must restart your computer for it to take effect.


licies Only" command. Note: To find the "Show Policies Only" command, in Group Policy Object Editor, click the Administrative Templates
it, the Group Policy Object Editor snap-in uses the domain controller designated as the PDC Operations Master for the domain. Note: To ch
ections are considered to be fast. If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per sec
ections are considered to be fast. If you disable this setting or do not configure it, the system uses the default value of 500 kilobits per sec
oup Policy is updated every 90 minutes (the default). To specify that Group Policy should never be updated while the computer is in use, se
pdated while the computer is in use, select the "Turn off background refresh of Group Policy" setting. This setting also lets you specify how
dated every 90 minutes (the default). To specify that Group Policy for users should never be updated while the computer is in use, select th

GPOs. This leads to the following behavior: - If you had originally created the GPO with an English system, and then you edit the GPO with

that the user settings defined in the computer's Group Policy Objects and the user settings normally applied to the user are combined. If t
systems greater than Windows 7 configured for workplace connectivity.
kground processing" option prevents the system from updating affected preference items in the background while the computer is in use.
n on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Comp
background processing" option prevents the system from updating affected preference items in the background while the computer is in u
urn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Com
essing" option prevents the system from updating affected preference items in the background while the computer is in use. When backgro
ing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configur
kground processing" option prevents the system from updating affected preference items in the background while the computer is in use. W
n the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Comput
y during periodic background processing" option prevents the system from updating affected preference items in the background while th
urn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Com
ption prevents the system from updating affected preference items in the background while the computer is in use. When background upda
n. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configuration trac
use significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected pre
must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.
ssing" option prevents the system from updating affected preference items in the background while the computer is in use. When backgrou
ng" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configura
cessing" option prevents the system from updating affected preference items in the background while the computer is in use. When backg
ng" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configura
round processing" option prevents the system from updating affected preference items in the background while the computer is in use. W
cing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configu
s. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items in the
ed on the client computer, and you must turn on the "Tracing" option. If there are no preference items under User Configuration in this ext
ignificant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected prefere
d you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is cre
periodic background processing" option prevents the system from updating affected preference items in the background while the compu
u must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is create
delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference items
must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created.
n cause significant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected
ing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configur
ring periodic background processing" option prevents the system from updating affected preference items in the background while the com
d you must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is cre
ocessing" option prevents the system from updating affected preference items in the background while the computer is in use. When back
cing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configu
cant delays. 2. The "Do not apply during periodic background processing" option prevents the system from updating affected preference it
ou must turn on the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is creat
cessing" option prevents the system from updating affected preference items in the background while the computer is in use. When backg
cing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Configu
processing" option prevents the system from updating affected preference items in the background while the computer is in use. When b
"Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Computer Co
ground processing" option prevents the system from updating affected preference items in the background while the computer is in use. W
n the "Tracing" option. If there are no preference items under User Configuration in this extension, no user trace file is created. 2. Comput

e extension" policy settings that are disabled. If you disable this policy setting, you prohibit use of preference extensions under Control Pa
s (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
mputers)," or "Permit use of Control Panel Settings (Users)," policy settings.

gs (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.

nel Settings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.
ttings (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.

gs (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.


mputers)," or "Permit use of Control Panel Settings (Users)," policy settings.

ngs (Computers)," or "Permit use of Control Panel Settings (Users)," policy settings.

n" policy settings that are disabled. If you disable this policy setting, you prohibit use of preference extensions under Control Panel Settings

somefolder". Note: An environment variable may be used, (for example, %windir%), as long as it is defined on the system. For example, %p
dows Update website.

n newer versions of Windows.


r the Internet to Microsoft. Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Command Line Parameters" settin

ce providers in the registry.


ce providers in the registry.

Reports and Solutions component in Control Panel to enable Windows Customer Experience Improvement Program for all users.

m Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Cont

Approved.
, and then click Modify Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4.
figuration, click Internet Explorer Maintenance, and then click Security. 2. Double-click Security Zones and Content Ratings, click Import th
gs. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls a
which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administr
Settings. 3. Select the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Con
dministrator Approved.
Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
nistrator Approved.
ode on the Advanced tab of the Internet Options dialog.
ode on the Advanced tab of the Internet Options dialog.

counters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifi
counters a website that attempts to load an ActiveX control that is not compatible with Enhanced Protected Mode, Internet Explorer notifi
HTTPS requests; unless the user grants a site-specific exception. Internet Explorer sends a DNT:0 header to any sites granted an exception.
HTTPS requests; unless the user grants a site-specific exception. Internet Explorer sends a DNT:0 header to any sites granted an exception.

e browser supports. Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdat
e browser supports. Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdat
many levels of a Web site are searched for new information.

ence over this policy. If either policy is enabled, this policy is ignored.
d in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence over this policy. If it is enabl

orites menu" policy (located in User Configuration\Administrative Templates\Windows Components\Internet Explorer) takes precedence ov
et Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.
cy. If either policy is enabled, this policy is ignored.

ettings" "Disable changing accessibility settings"


ettings" "Disable changing accessibility settings"
s are converted to IDN format only for addresses that are not in the Intranet zone.
s are converted to IDN format only for addresses that are not in the Intranet zone.

omains in the Internet Zone. For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
omains in the Internet Zone. For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.

000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced. Va
000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced. Va
are specifically listed (and allowed) through the 'Add-on List' policy setting. If you disable or do not configure this policy setting, users may
are specifically listed (and allowed) through the 'Add-on List' policy setting. If you disable or do not configure this policy setting, users may

r Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings.
r Internet Explorer processes in this list because these processes always respect add-on management user preferences and policy settings.
et in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.
et in both Computer Configuration and User Configuration, both lists of behaviors will be allowed as appropriate.

tting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy settin
tting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy settin
he executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processe
he executable. If a Value Name is empty or the Value is not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processe

in this box take precedence over that setting. If you disable or do not configure this policy setting, the Notification bar is not displayed for
in this box take precedence over that setting. If you disable or do not configure this policy setting, the Notification bar is not displayed for
r or those defined in a process list.
r or those defined in a process list.
ecurity applies to all local files and content processed by Internet Explorer.
ecurity applies to all local files and content processed by Internet Explorer.
le or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setti
le or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setti

u disable or do not configure this policy setting, the security feature is allowed.
u disable or do not configure this policy setting, the security feature is allowed.

olicy setting is ignored.


olicy setting is ignored.

list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, th
list: use the related Internet Explorer Processes policy to enable or disable these processes. If the All Processes policy setting is enabled, th

ver that setting. If you disable or do not configure this policy setting, the security feature is allowed.
ver that setting. If you disable or do not configure this policy setting, the security feature is allowed.

not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processe
not 0 or 1, the policy setting is ignored. Do not enter the Internet Explorer processes in this list: use the related Internet Explorer Processe
er Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take
er Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.
uter Configuration and User Configuration, both lists of protocols will be restricted for that zone.

oviders unless another policy setting restricts such configuration.


oviders unless another policy setting restricts such configuration.
gation bar. If you do not configure this policy setting, the user can interchange the positions of the menu bar and the navigation bar.

the menu bar, and the Command bar are not visible, and the user cannot access them. If you disable or do not configure this policy settin
the menu bar, and the Command bar are not visible, and the user cannot access them. If you disable or do not configure this policy settin

nage Add-ons dialog box. Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically a
nage Add-ons dialog box. Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically a

t choose to activate them by responding to the notification, using Manage Add-ons, or using other methods.
t choose to activate them by responding to the notification, using Manage Add-ons, or using other methods.

he default media client on their system.


licy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks Delete. If you don't configure this p
licy setting, ActiveX Filtering, Tracking Protection and Do Not Track data is deleted when the user clicks Delete. If you don't configure this p

physical memory on the computer or how many Internet Explorer isolation settings are running. If you enable this policy setting, you set th
physical memory on the computer or how many Internet Explorer isolation settings are running. If you enable this policy setting, you set th
rt Wizard by double-clicking a software publishing certificate (.spc) file. This wizard enables users to import and configure settings for certifi
ams tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
tion, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
round and text colors.

the Connections tab from the interface, however, does not prevent users from running the Internet Connection Wizard from the desktop o

his option, the users open the Internet Options dialog box, click the Contents Tab and click the Settings button.

eeds do not appear in the Address bar. This does not affect subscribing to feeds and interacting with them through the Favorites Center.
eeds do not appear in the Address bar. This does not affect subscribing to feeds and interacting with them through the Favorites Center.

Menus), which prevents users from opening files by using the browser.

Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored. Also, see

ministrative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting
ministrative template file, see the Internet Explorer documentation on search providers. If you disable or do not configure this policy setting
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

o allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is e
o allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is e

ded with parameters or scripted.


ded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety.
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
te into, this zone.
te into, this zone.
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/

pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

ded with parameters or scripted.


ded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.

rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
n the zone.
n the zone.

setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

o allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is e
o allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is e

ded with parameters or scripted.


ded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Medium safety.
te into, this zone.
te into, this zone.

n the zone.
n the zone.
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/

pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

ded with parameters or scripted.


ded with parameters or scripted.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.

rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/

pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

o allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is e
o allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is e
oaded with parameters or scripted.
oaded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.

ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/

pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

ded with parameters or scripted.


ded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.

rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

ss such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.
ss such content over the restricted protocols is blocked when the Network Protocol Lockdown security feature is enabled.

ded with parameters or scripted.


ded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to High safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to High safety.

rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

ded with parameters or scripted.


ded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.

ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a
ecommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a

setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settin
setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settin
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom

o allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is e
o allow control over questionable content accessed over any restricted protocols when the Network Protocol Lockdown security feature is e

oaded with parameters or scripted.


oaded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/
setting, the user will receive the security information message on the Web pages that contain both secure (https://) and nonsecure (http:/

pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp
pported by the server, the logon uses the user's network user name and password for logon. If Windows NT Challenge Response is not supp

tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
tting in the Internet Options dialog. In Internet Explorer 9 and earlier versions, if you disable this policy setting or do not configure it, users c
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ons dialog. In Internet Explorer 9 and earlier versions, if you disable this policy or do not configure it, users can drag content from one dom
ded with parameters or scripted.
ded with parameters or scripted.

missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.
missions are set to high safety. If you do not configure this policy setting, permissions are set to Low safety.

rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
rnet Explorer security feature will be on in this zone as dictated by the Scripted Windows Security Restrictions feature control setting for th
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.
ty feature will be on in this zone as set by Protection from Zone Elevation feature control.

y. If it is enabled, this policy is ignored.


"Turn off Shortcut Menu" policy, which disables the entire shortcut menu. Note: the user will still be able to open New Tabs.

s Components\Internet Explorer\Internet Control Panel folders.


ages are downloading.

lication or process in the list, a script can perform a Clipboard operation without prompting the user. This means that if the zone behavior i
lication or process in the list, a script can perform a Clipboard operation without prompting the user. This means that if the zone behavior i

s the default.
s the default.

omputer Configuration\Administrative Templates\Windows Components\Credential User Interface is enabled for the system, it will overrid
omputer Configuration\Administrative Templates\Windows Components\Credential User Interface is enabled for the system, it will overrid
or disabled via policy settings do not undergo these checks.
or disabled via policy settings do not undergo these checks.
ear in the Standards Mode available in the latest version of Internet Explorer. This option matches the default behavior of Internet Explorer
ear in the Standards Mode available in the latest version of Internet Explorer. This option matches the default behavior of Internet Explorer

ew Settings dialog box. If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an ad
ew Settings dialog box. If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an ad

ult maximum storage limit for all indexed databases. The default is 500 MB.
ult maximum storage limit for all indexed databases. The default is 500 MB.

e default maximum storage limit for all application caches. The default is 50 MB.
e default maximum storage limit for all application caches. The default is 50 MB.
ult maximum application cache resource list size for all application caches. The default is 1000 resources.
ult maximum application cache resource list size for all application caches. The default is 1000 resources.

d Trusted site zones only Binary Representation - 00110 • 0 - Restricted Sites Zone • 0 - Internet Zone • 1 - Trusted Sites Zone • 1 - Local
d Trusted site zones only Binary Representation - 00110 • 0 - Restricted Sites Zone • 0 - Internet Zone • 1 - Trusted Sites Zone • 1 - Local

tional level of Windows Server 2003, Windows 2000 native, or Windows 2000 mixed, domain controllers cannot provide information abou

omain controllers running Windows Server 2008 R2 or earlier operating systems. Note: For the following options of this KDC policy to be
ytes, which is the default Kerberos MaxTokenSize for Windows 7, Windows Server 2008 R2 and prior versions.
configuration.
C will never offer the PKInit Freshness Extension and accept valid authentication requests without checking for freshness. Users will never
parameters. If you disable this policy setting, the host name-to-Kerberos realm mappings list defined by Group Policy is deleted. If you do
LETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameters. If you disable this policy
setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU ext

ved, and then press the DELETE key. To edit a mapping, remove the current entry from the list and add a new one with different parameter
client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.
ompound authentication is always provided for this computer account. If you disable this policy setting, Never will be used. If you do not
t\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beg

n the service requests compound authentication.


ficates will never be used. If you do not configure this policy setting, Automatic will be used.
e enabled setting that you use on individual servers where you want to enable BranchCache. - Enabled. With this selection, hash publicatio
hich is the default, both V1 and V2 hash generation and retrieval are supported. - Enabled. With this selection, the policy setting is applied

guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware

to adverse failover times and increased memory and CPU usage.

of LLTDIO will apply.


ead. If you disable or do not configure this policy setting, the default behavior for the Responder will apply.

Configuration. Note: To create a customized run list by using a policy setting, use the ""Run these applications at startup"" policy setting. A
Configuration. Note: To create a customized run list by using a policy setting, use the ""Run these applications at startup"" policy setting. A
tVersion\RunOnce. Also, see the ""Do not process the legacy run list"" policy setting.
tVersion\RunOnce. Also, see the ""Do not process the legacy run list"" policy setting.

ence over the setting in User Configuration. Tip: To display the welcome screen, click Start, point to Programs, point to Accessories, point t
h settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs
h settings are configured, the system starts the programs specified in the Computer Configuration setting just before it starts the programs
ctively using the computer. In addition, changes that are made to the user object, such as adding a roaming profile path, home directory, o

ence over the setting in User Configuration. Tip: To display the welcome screen, click Start, point to Programs, point to Accessories, point t

already completed the initial setup and this policy setting is not configured, users new to this computer will not see the animation. Note: T
wish to add: <https://fabrikam.com/opensearch.xml> Note If you'd like your employees to use the default Microsoft Edge settings for ea
wish to add: <https://fabrikam.com/opensearch.xml> Note If you'd like your employees to use the default Microsoft Edge settings for ea
e this format to specify the link(s) you wish to add: <https://fabrikam.com/opensearch.xml><https://www.contoso.com/opensearch.xml>
e this format to specify the link(s) you wish to add: <https://fabrikam.com/opensearch.xml><https://www.contoso.com/opensearch.xml>
pt. If you disable this setting or do not configure it, users can enter author mode and open author-mode console files.
If a snap-in setting in the folder is enabled or not configured, the snap-in is permitted. When a snap-in is prohibited, it does not appear in
abled), the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when
abled), the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when
abled), the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
t configured (or disabled), the Group Policy tab is inaccessible. -- If "Restrict users to the explicitly permitted list of snap-ins" is disabled or
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
o explicitly permit use of this snap-in, enable this policy setting. If this policy setting is not configured or disabled, this snap-in is prohibited
bled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Consol
oblems on remote computers. If you do not configure this policy setting, MSDT prompts the user before downloading any additional tools.

ou enable this policy setting, the recovery behavior for corrupted files is set to either the Prompt For Resolution (default on Windows client
dd or Remove Programs.
rom removable media. Also, see the "Prevent removable media source for any install" policy setting.
bit patching" policy setting.
he Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders. Cautio
he Computer Configuration and User Configuration folders. To make this policy setting effective, you must enable it in both folders. Cautio
gacy files in use UI while still using Restart Manager for detection. If you disable or do not configure this policy setting, Windows Installer w
g affects Windows Installer only. It does not prevent users from selecting other browsers, such as File Explorer or Network Locations, to sea

er will automatically generate log files for those packages that include the MsiLogging property.
or floppy disk' option" policy settings.
or of Windows Installer on Windows Server 2003 family when the policy is not configured. -- The "Always" option indicates that Windows

a program inoperable, do not use this policy setting unless it is essential. This policy setting appears in the Computer Configuration and Us
a program inoperable, do not use this policy setting unless it is essential. This policy setting appears in the Computer Configuration and Us
h it has access to directories denied to the user. This policy setting is designed for less restrictive environments. It can be used to circumve

vated privileges" policy settings are set, and whether the update was installed in a per-user managed, per-user unmanaged, or per-machin

onfigure this policy setting, the Windows Installer will uses a default value of 10 percent for the baseline file cache maximum size.

y in the user's profile. If you do not configure this policy setting on Windows 2000 Professional, Windows XP Professional and Windows Vis

intranet and for temporary access to intranet resources when network location detection has not correctly determined that the DirectAcce

e URL must resolve to an IPv6 address of a Web server or contain an IPv6 address. Examples: HTTP:http://myserver.corp.contoso.com/ or H
d by periodic DC discoveries may be excessive.
ake very long periods to try to find a DC. If the value for this setting is too small and the DC is not available, the frequent retries may produ

efault behavior of the Netlogon share ensures that no application with only read permission to files on the Netlogon share can lock the file

ior of the SYSVOL share ensures that no application with only read permission to files on the sysvol share can lock the files by requesting ex
domain controller that hosts an Active Directory domain specified with a single-label name. the computers will not the DNS name resolutio
NS suffixes to perform DNS name resolution. The single-label name is not used without appending DNS suffixes unless the computer is join

restName> GcIpAddress A gc._msdcs.<DnsForestName> DsaCname CNAME <DsaGuid>._msdcs.<DnsForestName> Kdc S


d in zones with scavenging enabled, the value of this setting should never be longer than the Refresh Interval configured for these zones. Se

cords, click Enabled, and enter the sites' names in a space-delimited format. If you do not configure this policy setting, it is not applied to a

d DCs use their local configuration.


plication. To specify the sites covered by the DC Locator application directory partition-specific DNS SRV records, click Enabled, and then en
is not applied to any DCs, and DCs use their local configuration.

on for the computer. If you disable this policy setting, Try Next Closest Site DC Location will not be used by default for the computer. Howe
ains or forests. The default time interval for Force Rediscovery by DC Locator is 12 hours. Force Rediscovery can also be triggered if a call to
APIs can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator. If you disable this policy setting, DC Locator APIs will O
, Net Logon will not allow the negotiation and use of older cryptography algorithms. If you do not configure this policy setting, Net Logon
ot messages that are used for NetBIOS domain name based DC location. If you disable or do not configure this policy setting, this DC proce
known. If you enable or do not configure this policy setting, the DC location algorithm does not use NetBIOS-based discovery as a fallback
NS SRV records, click Enabled, and then enter a value. The range of values is from 0 to 2. If you do not configure this policy setting, it is not
ill ping DCs at the higher frequency. To specify this behavior, click Enabled and then enter a value. The range of values is from 1 to 2. If you
access to network components in the Windows Components Wizard. The Install button opens the dialog boxes used to add network com
e Advanced Settings dialog box, regardless of this setting.
connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties b

. Note: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes
te access connections" setting.) Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, t
ors can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access conn
a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced config
ormation as to how the problem can be resolved.
utton is enabled for administrators and Network Configuration Operators. The Local Area Connection Properties dialog box includes a list o
k Configuration Operators can enable/disable LAN connections. Note: Administrators can still enable/disable LAN connections from Device
on, Properties is enabled on the File menu. Note: This setting takes precedence over settings that manipulate the availability of features in
hanging this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When oth
ncluding administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Conn
ministrators) cannot open the remote access connection properties dialog box. Important: If the "Enable Network Connections settings for
twork components that the connection uses. To view or change the properties of a component, click the name of the component, and then

ministrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you disable th
ured (set to either Enabled or Disabled), this setting does not apply. Note: This setting does not prevent users from using other programs,
ser remote access connections. Note: When configured, this setting always takes precedence over the "Ability to rename LAN connections"

presenting the connection or by using the File menu. Note: This setting does not prevent users from using other programs, such as Interne
ors can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user i
not apply to administrators on post-Windows 2000 computers. If you disable this setting or do not configure it, the connection status taskb

puters running DirectAccess and the Internet is not routed through the internal network.
d by Windows Network Isolation. Example: [3efe:3022::1000];18.0.0.1;18.0.0.2 For more information see: http://go.microsoft.com/fwlink

Network Isolation attempts to automatically discover your private network hosts. Example: 3efe:1092::/96,18.1.1.1/10 For more informati

e made available for offline use by Group Policy. Note: This setting appears in the Computer Configuration and User Configuration folders.
e made available for offline use by Group Policy. Note: This setting appears in the Computer Configuration and User Configuration folders.
oes not prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions e
oes not prevent users from setting custom actions through the Offline Files tab. However, users are unable to change any custom actions e
k space for automatically cached files is limited to 10 percent of the system drive by default, but users can change it. Tip: To change the am

is affected, but the associated network copy is not. The user cannot encrypt Offline Files through the user interface. If you do not configur
ds an event when the server hosting the offline file is reconnected to the network. Note: This setting appears in the Computer Configuratio
ds an event when the server hosting the offline file is reconnected to the network. Note: This setting appears in the Computer Configuratio
off and log on again.
ng appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configur
ng appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configur
menu, click Folder Options, click the Offline Files tab, and then click "View Files."
menu, click Folder Options, click the Offline Files tab, and then click "View Files."
ept the defaults, just enable this setting. You do not have to disable any other settings in this folder.
ept the defaults, just enable this setting. You do not have to disable any other settings in this folder.
Windows 7, or Windows Vista.
Windows 7, or Windows Vista.
Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Availa
Configuration and User Configuration folders. If both policy settings are configured, the policy settings are combined, and the "Make Availa
in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes
in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes

ools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... min
ools menu, click Folder Options, and then click the Offline Files tab. This setting corresponds to the "Display reminder balloons every ... min

Configuration takes precedence over the setting in User Configuration. Tip: To change the synchronization method without changing a setti
Configuration takes precedence over the setting in User Configuration. Tip: To change the synchronization method without changing a setti
onization, the system performs a quick synchronization by default, but users can change this option. This setting appears in the Computer
onization, the system performs a quick synchronization by default, but users can change this option. This setting appears in the Computer

y (in milliseconds) for specific UNC paths. We recommend that you always specify a value for Latency, since the round-trip network latency
drive where the Offline Files cache is located. The limit for automatically cached files is 100 percent of the total disk space limit. If you do n
res that are in user selected Work Offline mode. This mode is in effect when a user selects the Work Offline button for a specific share. Wh
ms as the round trip latency of the network above which files should be transparently cached in the Offline Files cache. If the round trip lat

o determine whether it will publish the computer or will use multicast to search for other computers on the local subnet. The multicast pr
6 address that matches the cloud scope. If you disable or do not configure this policy setting, all PNRP clouds are turned on by default, and

server only, enable the setting; insert the fully qualified domain name or IPv6 address of the corporate seed server; and check the checkbo
y to determine whether it will publish the computer or will use multicast to search for other computers on the local subnet. The multicast
6 address that matches the cloud scope. If you disable or do not configure this policy setting, all PNRP clouds are turned on by default, and

y to determine whether it will publish the computer or will use multicast to search for other computers on the local subnet. The multicast
6 address that matches the cloud scope. If you disable or do not configure this policy setting, all PNRP clouds are turned on by default, and
o to re-register with any services to which the old PIN provided access. NOTE: This policy is only applicable to devices which are registered

indows Hello for Business credentials provisioned when the "Turn off smart card emulation" is enabled. Windows requires a reboot after y
m Compatibility Assistant" policy setting is enabled. The Diagnostic Policy Service (DPS) and Program Compatibility Assistant Service must b

o enable BranchCache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the
olicy to enable BranchCache client computer cache settings on individual client computers. Because the domain Group Policy setting is not
main members but you do not want to enable BranchCache on all client computers, you can specify Not Configured for this domain Group
main Group Policy setting, and then configure local computer policy to enable BranchCache on individual client computers. Because the dom
plied to client computers by this policy. In the circumstance where client computers are domain members but you do not want to configur
ot detect hosted cache servers, hosted cache mode is not turned on, and the client uses any other configuration that is specified manually
ache that is included with their operating system. - Enabled. With this selection, this policy setting is applied to client computers based on
tting. This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no effect on computer
ndividual client computers. Because the domain Group Policy setting is not configured, it will not over-write the client computer cache age

y setting, the DPS will enable Windows Boot Performance for resolution by default. This policy setting takes effect only if the diagnostics-w
dled by the DPS. If you do not configure this policy setting, the DPS will enable Windows Standby/Resume Performance for resolution by de
t configure this policy setting, the DPS will enable Windows System Responsiveness for resolution by default. This policy setting takes effec
ot configure this policy setting, the DPS will enable Windows Shutdown Performance for resolution by default. This policy setting takes effe
do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed
do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed
property of all modules and snap-ins is set to False. To add modules and snap-ins to the policy setting list, click Show, and then type the m
property of all modules and snap-ins is set to False. To add modules and snap-ins to the policy setting list, click Show, and then type the m
se the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users f
se the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users f
cy setting.
cy setting.

ol Panel\Printers.
y setting applies only to print drivers loaded by applications. Print drivers loaded by the print spooler are not affected. -This policy setting is
ng" setting in this setting folder and the "Browse a common web site to find printers" setting in User Configuration\Administrative Template
k "Network and Sharing Center". On the Network and Sharing Center page, click "Change advanced sharing settings". On the Advanced sha
etting affects the Add Printer Wizard only. It does not prevent users from using other programs to search for shared printers or to connect
the same as disabling it. Note: This policy does not determine whether offline printing will be available to the client. The client print spoo

es\Printers."
does not apply to 64-bit kernel-mode printer drivers as they cannot be installed and associated with a print queue.
e printer permissions to restrict the use of printers without specifying a setting. In the Printers folder, right-click a printer, click Properties, a

r do not configure this policy setting, the default limit is applied. In Windows 8 and later, Bluetooth printers are not shown so its limit doe

s will check the driver signature of all drivers that are downloaded from print servers. If this setting is disabled, or not configured, package

s will check the driver signature of all drivers that are downloaded from print servers. If this setting is disabled, or not configured, package
t, and the user does not type a location as a search criterion, the system searches for a nearby printer based on the IP address and subnet m
appears in the Location field by default. If you disable this setting or do not configure it, Location Tracking is disabled. Printer proximity is e
ters can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users creat
ters can point and print to any server. -Windows Vista computers will show a warning and an elevated command prompt when users creat

date, if needed. However, you must explicitly enable this policy setting for other versions of Windows (for example Windows Enterprise, an
objects. You can enable this setting to change the default behavior. To use this setting, select one of the following options from the "Prune

nfigure or disable this setting, the default values are used. Note: This setting is used only on domain controllers.
corded in the event log. If you disable or do not configure this policy setting, the contact events are not recorded in the event log. Note: T

ng Retry" settings to adjust the contact interval and number of contact attempts.

and they cannot use the "Get Programs" page to install published programs. Enabling this feature does not prevent users from installing pr

not configure this policy setting, the DPS will enable Windows Resource Exhaustion for resolution by default. This policy setting takes effe
in Control Panel) will be unavailable. However, with this policy setting disabled, users can still restore the computer to the original state or
cessed in the Power Options Control Panel.

ows. (See "Supported on" for supported versions.) If you disable this policy setting, the Shutdown Event Tracker is not displayed when you
o allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the compu
ou also specify the list of users or user groups that are allowed to offer remote assistance. To configure the list of helpers, click "Show." In t

. RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server En
s all extended error information for all processes. RPC only generates an error code. -- "On with Exceptions" enables extended error inform
this policy setting, it remains disabled and will generate RPC_S_SEC_PKG_ERROR errors to applications that ask for delegation and connect
or this policy setting is 90 seconds. The maximum is 7200 seconds (2 hours). If you disable this policy setting, the idle connection timeout
uthenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting. If you enable this po
tions. -- "Auto1" directs RPC to maintain basic state information only if the computer has at least 64 MB of memory. -- "Auto2" directs RP
he ""Run logon scripts synchronously"" setting to direct the system to wait for the logon scripts to complete before loading the desktop. An
Os B and C run in the following order for DesktopIT: Within GPO B: B.ps1, B.cmd Within GPO C: C.ps1, C.cmd For DesktopSales, GPOs B a
B: B.ps1, B.cmd Within GPO C: C.ps1, C.cmd For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and
B: B.ps1, B.cmd Within GPO C: C.ps1, C.cmd For Tamara, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and

connecting to the Microsoft servers that host the Windows Online Troubleshooting Service.
bled for detection, troubleshooting and resolution by default. No reboots or service restarts are required for this policy to take effect: chan

the web over metered connections and web results won't be displayed when a user performs a query in Search.

mailboxes. To stop indexing of online mailboxes and online delegate mailboxes you must disable both policies.

Windows Deskbar 2) The Desktop Search results search box 3) The WDS search box in Search Companion
e ID is 1033. http://sitename/_layouts/XXXX/searchresults.aspx?SearchString=$w These additional intranet search locations are added to

olicy prevents them from specifically using Windows Desktop Search-related add-ins. Note: Because of a limitation in the Group Policy edi
ain members. If you enable this policy setting, Security Center is turned on for all users. If you disable this policy setting, Security Center is

ng, Server Manager uses the refresh interval settings that are specified in the Server Manager console. Note: The default refresh interval f

:3”. If you disable or do not configure this policy setting, or if the required files cannot be found at the locations specified in this policy setti

whether or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.
whether or not they want to share their writing samples from the handwriting recognition personalization tool with Microsoft.

o comply with this policy setting. Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value co
omply with this policy setting. Note: To create a list of allowed applications, click Show. In the Show Contents dialog box, in the Value colu
est in the future will be shown. Note: This setting will be applied after the following policy: "Allow time invalid certificates" If you enable o
call. Certificates other than the default will not be available for logon.

to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. If you e

e SNMP service takes the Valid Communities configured on the local computer instead. Best practice: For security purposes, it is recomme
ommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full c
This setting has no effect if the SNMP agent is not installed on the client computer. Also, see the other two SNMP settings: "Specify permitt

default, users see the standard Access Denied message.


uments" policies in this folder. The system only uses this setting when neither of these related settings are selected. This setting does not
click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff. Also, see "Remove Logoff" in User Configu

ar the "Use Personalized Menus" option.


ar context menu.

ayout won't be changed. Users cannot customize their Start screen while this setting is enabled. If you disable this setting or do not configu
ayout won't be changed. Users cannot customize their Start screen while this setting is enabled. If you disable this setting or do not configu
with Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support thi

s from this menu, and system administrators can create a customized Favorites menu for a user group. Note:This setting only affects the St
e specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to se

can change "Show app list in Start" in Settings.


Templates\Network\Network Connections).

he System-drive\Users\User-name\Recent folder. Also, see the "Remove Recent Items menu from Start Menu" and "Clear history of recent
u on and off. Note: This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do
shortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policy settings.
ot track Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policy settings.
affects the specified interface only. It does not prevent users from using other methods to run programs. Note: It is a requirement for third
Menu" policy settings.

configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu.
menu and from the Tools menu in Internet Explorer. Also, see the "Hide the "Add programs from Microsoft" option" policy setting.

skbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff. See also: "Remove Logoff"

Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
y is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options.
y is available. Users will be able to configure this setting on the Text completion tab in Input Panel Options.
om appearing next to text entry areas” policy and the “Prevent Input Panel tab from appearing” policy, and disable the “Show Input Panel
om appearing next to text entry areas” policy and the “Prevent Input Panel tab from appearing” policy, and disable the “Show Input Panel
ar next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in
ar next to text entry areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in
areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.
areas in applications where this behavior is available. Users will be able to configure this setting on the Opening tab in Input Panel Options.
p-down box, password security is set to “Medium-Low.” At this setting, when users enter passwords from Input Panel they use the on-scree
p-down box, password security is set to “Medium-Low.” At this setting, when users enter passwords from Input Panel they use the on-scree
ox. If you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting
ox. If you disable this policy, rarely used Chinese, Kanji, and Hanja characters will not be included in recognition results when handwriting
P Tablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choo
P Tablet PC Edition. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choo
t Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Option
t Panel will provide text prediction suggestions. Users will be able to configure this setting on the Text Completion tab in Input Panel Option
tting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the ""Do not allow p

tting. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting i
tting. Note: This setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting i
uter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence
uter Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration takes precedence
rs from changing the properties of newly created tasks, use the "Remove Advanced Menu" setting.
rs from changing the properties of newly created tasks, use the "Remove Advanced Menu" setting.

nding IPv4 address. Policy Enabled State: If the ISATAP name is resolved successfully, the host will have ISATAP configured with a link-local

bal IPv4 address is present, the host will have a 6to4 interface. Policy Enabled State: If a global IPv4 address is present, the host will have a

p Services sessions.
t connects to the remote computer. Note: If this policy setting is enabled, then the "Start a program on connection" policy setting is ignore
. For example, a remote user can do this by specifying the program's executable path at connection time by using the Remote Desktop Co
Remote Desktop Protocol (.rdp) file. In addition, the client computer must have the necessary hardware to support Windows Aero feature
ection Broker load balancing by using the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI provider.

ost server. If you disable or do not configure this policy setting, when a user closes the last RemoteApp program, the session will be discon
ost server. If you disable or do not configure this policy setting, when a user closes the last RemoteApp program, the session will be discon
ctions, even if font smoothing is enabled in RDC or in the .rdp file. If you disable or do not configure this policy setting, font smoothing is

on level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not su
. If you do not configure this policy setting, automatic logon is not specified at the Group Policy level.
posed to SSL encryption) is not recommended. * RDP: The RDP method uses native RDP encryption to secure communications between th
twork Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server. If yo
r will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate i
used by default. If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if on
et RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect di
her RD Gateway server, you must select the "Allow users to change this setting" check box and users will be allowed to specify an alternate

24 bits is only supported on Windows Server 2003 and Windows XP Professional. 2.The value specified in this policy setting is not applied t

allowed. Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting

default behavior applies.

nter is 1 to 999,999. If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the s
t server does not specify a license server at the Group Policy level.

99. If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of W
ng a disconnected session remains active on the server by configuring the "Computer Configuration\Administrative Templates\Windows Co

le this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.
le this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent.

y, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its defa
y, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its defa

e computer after the client connects to the remote computer. Note: If this policy setting is enabled, then the "Start a program on connectio
gnored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Ro
name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network

s will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified. If you disable or do not con
sues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by
ing: * A client connecting to a Windows Server 2003 terminal server * A client connecting to a Windows 2000 terminal server If you enab
s allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows
um quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client compu
audio recording redirection is specified in RDC. If you do not configure this policy setting, Audio recording redirection is not specified at the

r, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print p
r, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print p
s policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.

remote computer only if it is running Windows Server 2012 R2 and earlier versions. Note: You can disable redirection of specific types of

PCL if one is not found" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. "De

p Services.
annot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to R
t effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and
bedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on
For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. 2. This policy setting is not effective
s disconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remo
s disconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remo
er. If you have a console session, disconnected session time limits do not apply. If you disable or do not configure this policy setting, this po
er. If you have a console session, disconnected session time limits do not apply. If you disable or do not configure this policy setting, this po
unt of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure
unt of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure
e Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Co
e Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Co
effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, th
s are always created, even if the server administrator specifies otherwise. If you do not configure this policy setting, per-session temporary

ant to connect. If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cann
they want to connect. If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, user
sted for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the beha
ted for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the behav
f you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when
ect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authe
aphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. If you enable this pol

ession algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you ar

mpt only for non-RemoteFX vGPU scenarios”, Remote Desktop attempts to use hardware encoding for all scenarios except RemoteFX vGPU.

be disabled. If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is
balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that
ote Desktop Protocol (RDP) 7.1, and does not affect clients that are using other RDP versions.
has no default connection URL. Note: RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untru
his server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality. If you disabl

dditional GPUs are considered secondary adapters and used as hardware renderers. The GPU configuration of the local session is not affec

hentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegatio
st by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The lo
ure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local list
commands.
ly. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization. The Standa
r two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires autho
h standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that
ect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.

atalog which use the same ID as the default Microsoft templates, they will be ignored. If you specify a UNC path and check the option to re

olicy setting should not be disabled. If you do not configure this policy setting, any defined values will be deleted.
olicy setting should not be disabled. If you do not configure this policy setting, any defined values will be deleted.
hich are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V. If you do not configu
hich are common between the Microsoft Office Suite 2016 applications are excluded from synchronization with UE-V. If you do not configu

alues will be deleted.


alues will be deleted.
be deleted.
be deleted.

olicy setting should not be disabled. If you do not configure this policy setting, any defined values will be deleted.
olicy setting should not be disabled. If you do not configure this policy setting, any defined values will be deleted.
hich are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V. If you do not configu
hich are common between the Microsoft Office Suite 2013 applications are excluded from synchronization with UE-V. If you do not configu

alues will be deleted.


alues will be deleted.

be deleted.
be deleted.
ot configure this policy setting, any defined values will be deleted.
ot configure this policy setting, any defined values will be deleted.

olicy setting should not be disabled If you do not configure this policy setting, any defined values will be deleted.
olicy setting should not be disabled If you do not configure this policy setting, any defined values will be deleted.
al folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings s
al folder to synchronize data between users’ computers. In this mode, UE-V writes settings data to the local folder specified in the settings s
e defines the name of the virtual desktop collection containing the virtual computers. If you enable this policy setting, the UE-V rollback sta
e defines the name of the virtual desktop collection containing the virtual computers. If you enable this policy setting, the UE-V rollback sta

u do not configure this policy setting, any defined values are deleted.

no file system access to this folder. Note: If the policy setting is enabled after the profile is created, the policy setting has no effect. Note: T
der if the permissions are not correct. By configuring this policy setting, you can alter this behavior. If you enable this policy setting Windo
ws 2000. %HOMESHARE% stores the fully qualified path to the home directory (such as \\server\share\dir1\dir2\homedir). Users can acce
mputer's hard drive when the user logs off. Important: Do not enable this policy setting if you are using the slow link detection feature. To r
defined by the "Slow network connection timeout for user profiles" policy setting), the system applies the other policy settings set in this fo
tting, the system does not consult the user. Instead, the system uses the local copy of the user profile. If you have enabled the "Wait for re
dows Vista, only the History, Local Settings, Temp, and Temporary Internet Files folders are excluded from the user's roaming profile by defa
oftware Installation during user logon when a user profile is deleted and that user subsequently logs on to the machine. If you disable or d
rofile size has been reduced to within the allowable limit. In Microsoft Windows Vista, Windows will not block users from logging off. Inste
ns use the local profile. If you disable this setting or do not configure it, the default behavior occurs, as indicated above. If you enable bot
put. The minumum value is 0 seconds, and the maximum is 600 seconds. If you disable or do not configure this policy setting, Windows w

umber of times the system tries to unload and update the user's registry settings. (You cannot adjust the retry rate.) If you disable this polic
he default behavior occurs, as indicated above. Note: This policy setting only affects roaming profile users.
pond in the time allowed (as set in the "Timeout for dialog boxes" policy setting). Waiting for the remote profile is appropriate when users
data per second or take 120 milliseconds to respond.Consider increasing this value for clients using DHCP Service-assigned addresses or fo

ed folders such as Appdata\Roaming, Start Menu, and Documents. You should suspend only the subfolders of these parent folders.

ximum of 30 seconds.
er will use their local profile or standard roaming user profile. Note: There are four ways to configure a roaming profile for a user. Windows
set, Windows uploads the registry file at the same time every day, as long as the user is logged on. For both scheduling options, there is a
the user's UPN, SIP/URI, and DNS. Selecting this option may have a negative impact on certain enterprise software and/or line of business

u disable or do not configure this policy setting and the user has a roaming profile, the roaming profile is downloaded on every computer th
ve letter box is ignored if you choose “On the local computer” from the Location list. If you choose “On the local computer” and enter a file
tLocker recovery information includes the recovery password and some unique identifier data. You can also include a package that contain
store the 48-digit recovery password as a text file. Printing will send the 48-digit recovery password to the default printer. For example, no
e recovery password in a folder. Note: This policy setting does not prevent the user from saving the recovery password in another folder.
e encryption method specified by the setup script.
Vista, Windows Server 2008, Windows 7)" policy setting, if it is set. If neither policy is set, BitLocker will use the default encryption method
8-bit or 256-bit) as the "Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)" and "Ch

URL" option, the URL you type in the "Custom recovery URL option" text box will replace the default URL in the default recovery message,

irements you define. To enforce complexity requirements on the password, select "Require complexity". When set to "Require complexity

ar manner, BitLocker will only update the BitLocker To Go Reader when the identification field on the drive matches the value configured fo
x must match the object identifier in the smart card certificate. If you disable or do not configure this policy setting, a default object identi
o effect if it is included in the provided fields.
48-digit recovery password or a 256-bit recovery key. Select "Omit recovery options from the BitLocker setup wizard" to prevent users fro
rning on BitLocker.
ocker-encrypted data is protected solely by the key material on this USB flash drive. If you enable this policy setting, the wizard will display
or if you have forgotten the password then you will need to use one of the BitLocker recovery options to access the drive. On a computer w
omputer Configuration\Windows Settings\Security Settings\Public Key Policies\BitLocker Drive Encryption Network Unlock Certificate" on t
re this policy setting, the TPM uses the default platform validation profile or the platform validation profile specified by the setup script. A
itLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encrypted operating s
fore turning on BitLocker, you can configure the boot components that the TPM will validate before unlocking access to the BitLocker-encry

encryption will be used by default when the drive is encrypted. If you do not configure this policy setting, BitLocker will use hardware-base
is policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options

e "Use enhanced Boot Configuration Data validation profile" group policy setting is ignored and Secure Boot verifies BCD settings according
overy key. Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options when they tur
efine. To require the use of a password, select "Require password for fixed data drive". To enforce complexity requirements on the passwor

. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specified, or if the drive has th

rning on BitLocker.
tion will be used by default when the drive is encrypted. If you do not configure this policy setting, BitLocker will use hardware-based encry
256-bit recovery key. Select "Omit recovery options from the BitLocker setup wizard" to prevent users from specifying recovery options wh
le disk drives. If you disable this policy setting, users cannot use BitLocker on removable disk drives.
ssword, select "Require password for removable data drive". To enforce complexity requirements on the password, select "Require comple
ves on the computer will be mounted with read and write access. Note: This policy setting can be overridden by the policy settings under
their removable drives. If BitLocker To Go Reader (bitlockertogo.exe) is present on a drive that does not have an identification field specifie
emovable data drive.
rning on BitLocker.
ncryption will be used by default when the drive is encrypted. If you do not configure this policy setting, BitLocker will use hardware-based
eries before subsequent time samples are evaluated as potential spikes. Default: 5 LargePhaseOffset If a time sample differs from the the
ncFlags This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, a

al connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual c
hen the amount of network traffic over the less preferred connection drops below a certain threshold. For example, when a computer is co
u configure separate scenario-specific policy settings. This policy setting takes precedence over any scenario-specific policy settings when i
d type of monitoring will be enabled. If you disable or do not configure this setting, monitoring for incoming and outgoing files will be ena
Real-time Protection -> The “Scan all downloaded files and attachments” policy must be enabled or the “Block at First Sight” feature will n

Advanced membership Basic membership will send basic information to Microsoft about software that has been detected, including where

measures (may impact client performance) (0x6) Zero tolerance blocking level – block all unknown executables

folders GP setting.
xxxx-xxxx-xxxxxxxxxxxx 2 Disabled: No ASR rules will be configured. Not configured: Same as Disabled. You can exclude folders or fi

dows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to thi
ws XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement

ows Vista common dialog box style.


op" setting. If both policies are enabled, Active Desktop is disabled. Also, see the "Disable Active Desktop" setting in User Configuration\Ad
when it cannot find the target file in the current target path.

to view and change drive characteristics. If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not
requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.

his setting.

not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly. If you disable

trative Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting

to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive chara

ters from lists of network resources, use the "No Entire Network in Network Locations" policy setting.
on might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program migh

pplications to only open a limited set of folders.


pplications to only open a limited set of folders.

ake precedence over Internet search links. The first several links will also be pinned to the Start menu. A total of four links can be pinned o
red between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search li
e paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled.

ou disable or do not configure this policy, all default Windows Libraries features will be enabled.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.
Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item.

to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. If you e
e information about the SDDL format, see the Windows Defender Firewall deployment information at the Microsoft Web site (http://go.mic
ote the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a pro
roup Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Defender Firewall w

ol Panel, the "Block all incoming connections" check box is cleared and administrators cannot select it. If you do not configure this policy s
he port. In the Windows Defender Firewall component of Control Panel, the "File and Printer Sharing" check box is cleared and administrat
ages will not be able to send those messages to or from this computer. If you enable this policy setting and allow certain message types, th
wall\pfirewall.log. If you disable this policy setting, Windows Defender Firewall does not record information in the log file. If you enable this
new program" check box is selected by default, and administrators can change it.
inistrators to add ports to the local port exceptions list that is defined by the Windows Defender Firewall component in Control Panel, also
tor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Defender Firewall with Advanced Securit
Windows Defender Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You
mponent of Control Panel, the "Remote Desktop" check box is cleared and administrators cannot select it. If you do not configure this polic
this policy setting can interfere with the NetBIOS messages that detect name conflicts.
tions list, Windows Defender Firewall does not open the ports. In the Windows Defender Firewall component of Control Panel, the "UPnP f
ote the syntax, click the Show button. In the Show Contents dialog box type a definition string that uses the syntax format. To remove a pro
roup Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Defender Firewall w

ol Panel, the "Block all incoming connections" check box is cleared and administrators cannot select it. If you do not configure this policy s
he port. In the Windows Defender Firewall component of Control Panel, the "File and Printer Sharing" check box is cleared and administrat
ages will not be able to send those messages to or from this computer. If you enable this policy setting and allow certain message types, th
wall\pfirewall.log. If you disable this policy setting, Windows Defender Firewall does not record information in the log file. If you enable this
new program" check box is selected by default, and administrators can change it.
inistrators to add ports to the local port exceptions list that is defined by the Windows Defender Firewall component in Control Panel, also
tor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Defender Firewall with Advanced Securit
Windows Defender Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You
mponent of Control Panel, the "Remote Desktop" check box is cleared and administrators cannot select it. If you do not configure this polic
this policy setting can interfere with the NetBIOS messages that detect name conflicts.
tions list, Windows Defender Firewall does not open the ports. In the Windows Defender Firewall component of Control Panel, the "UPnP f

wnload security upgrades, and perform license restoration.


ng, users can display the Player in full or skin mode and have access to all available features of the Player.
nabled and HTTP is not selected. If you disable this policy setting, the HTTP proxy server cannot be used and the user cannot configure the
ot be used and users cannot configure the MMS proxy settings. If you do not configure this policy setting, users can configure the MMS pr
ure the RTSP proxy settings.

e available to users on the Network tab. If the administrator does not specify any protocols, the Player cannot access an MMS or RTSP URL
nfiguration. If both are present, the Computer Configuration version of this policy setting takes precedence.
nfiguration. If both are present, the Computer Configuration version of this policy setting takes precedence.

v4 addresses, and the IPv6 filter specifies one or more ranges of IPv6addresses. If specified, the service enumerates the available IP addres

eningLevel is set to None, all requests are accepted (though they are not protected from credential-forwarding attacks).

ks and access to Windows Update" setting. If the "Remove links and access to Windows Update" setting is enabled, the links to Windows U
dows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled.
\Windows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box policy setting is enabled.
d notifications This setting will show notifications about restarts that are required to complete an installation. On Windows 8 and Window
ound (the user is not notified or interrupted during this process). When the downloads are complete, users will be notified that they are re
Automatic Updates client connects to the specified intranet Microsoft update service (or alternate download server), instead of Windows U

store updates, and Cancel an install. On XP: If you enable this policy setting, users will not see a User Account Control window and do not

led notifications for optional applications. In Windows Vista, this policy setting controls detailed notifications for optional applications and u
m will automatically return to hibernation in 2 minutes.
pdates" policy is disabled, this policy has no effect.

ce location" policy is disabled or not configured, this policy has no effect. Note: This policy is not supported on Windows RT. Setting this po
Windows RT PCs.

to manage flight settings on behalf of users when this value is set.


ure updates will arrive when they are declared Semi-Annual Channel. This usually occurs about 4 months after Semi-Annual Channel (Targe

o 0, the restart will not be automatically executed and will remain Engaged restart (e.g. pending user scheduling). If you disable or do not

ll appear that Windows could not retrieve the information and the user will not be able to log on. Therefore, you should not enable this po

t to examine and appropriately configure the “Remove logon hours expiration warnings” setting

ble, click System Properties in Control Panel, click the Advanced tab, click the Environment Variables button, and then, in the System variab
nnect to networks shared by my contacts," and "Enable paid services" will be turned off and users on this device will be prevented from ena

rk Folders settings" policy setting to determine whether to automatically set up Work Folders for a given user.
ithout prompting users. This prevents users from choosing not to use Work Folders on the computer; it also prevents them from manually

es in the background. No reboots or service restarts are required for this policy setting to take effect.

f you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can access cellular
) programs that are offered on the desktop or on the Start menu. If you disable this setting or do not configure it, "Add programs from you

and prevent the Windows Component Wizard from starting, enable the "Hide Add/Remove Windows Components page" setting. If the "Hi

m runs for all users on this computer. If the status is set to Not Configured, the OS falls back on a local policy set by the registry DWORD va

to applications and their installers and these applications may fail to install or run properly. This option is useful to server administrators w

nostic Policy Service (DPS) and Program Compatibility Assistant Service must be running for the PCA to run. These services can be configur

tting, all clipboard functionality is turned off in Application Guard.

whether Windows apps can access account information by using Settings > Privacy on the device. If an app is open when this Group Policy
ess the calendar by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employee
cess the call history by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, emplo
he camera by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees mus
using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the ap
Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device fo
ng Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app
n read or send messages by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, e
s apps can access the microphone by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a
ss motion data by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees
ess notifications by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employee
calls by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a device, employees must rest
have access to control radios by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a devic
nfigure this policy setting, employees in your organization can decide whether Windows apps can communicate with unpaired wireless dev
ivacy on the device. If an app is open when this Group Policy object is applied on a device, employees must restart the app or device for th
pps can access trusted devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a dev
ps can run in the background by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied on a dev
f you disable or do not configure this policy setting, employees in your organization can decide whether Windows apps can get diagnostic i

e logged to the Client log and the event log the first time this occurs, and will not be logged again until after the cache has been successfull

h prefers the file handler over the file type.


figure this policy setting, Windows sets the default risk level to moderate.

g, Windows Vista or later will prompt the user whether autorun command is to be run.
g, Windows Vista or later will prompt the user whether autorun command is to be run.

uration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over th
uration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over th

licy setting does not affect Peercaching transfers between peer computers (it does affect transfers from the origin server); the "Limit the m
or do not configure this policy setting, BITS uses all available unused bandwidth for background job transfers.
ork and other schedules.
ever, it should be noted that the "Allow BITS peer caching" policy setting must be enabled for the other two policy settings to have any effe

ng has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured.
(when not roaming or nearing cap) - Transfer only if unconstrained - Custom--allows you to specify a bitmask, in which the bits d

changing lock screen image" policy. If you do not configure this policy, Windows spotlight will be available on the lock screen and will be s
nce over the setting in User Configuration.
nce over the setting in User Configuration.

e name should be entered, for example timedate.cpl or inetcpl.cpl. If a Control Panel item does not have a CPL file, or the CPL file contains

e entered. If a Control Panel item does not have a CPL file, or the CPL file contains multiple applets, then its module name and string resou
tifiers. The identifier for any given settings page is the published URI for that page, minus the "ms-settings:" protocol part. Example: to spe
able Screen Saver" setting. If the "Enable Screen Saver" setting is disabled, this setting is ignored, and screen savers do not run.

running Windows 8 or Windows RT, you cannot apply the Windows Classic visual style.

time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately

mes (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is p
ning on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.hum
e use of a single wildcard is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Des
ted. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.
n be delegated. The use of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresource
only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to
/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This policy setti
MSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com This poli
l machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrika
this policy setting, Restricted Admin and Remote Credential Guard mode are not enforced and participating apps can delegate credentials
ity data. A value of 3 (Full) sends the same data as a value of 2, plus advanced diagnostics data used to diagnose and fix problems with dev
ity data. A value of 3 (Full) sends the same data as a value of 2, plus advanced diagnostics data used to diagnose and fix problems with dev

icy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy.

for that DCOM server. If you add an appid to this list and set its value to 0 DCOM will always enforce the Activation security check for that

d wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control P
ult is to display Computer as usual. Note: In operating systems earlier than Microsoft Windows Vista, this policy applies to the My Comput

t be disabled remotely. In order to disable the feature, you must set the Group Policy to "Disabled" as well as remove the security function

remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, and no other policy setting desc

devices from a remote desktop client to the remote desktop server. If you disable or do not configure this policy setting, and no other pol

d by other policy settings.

are installed. To change driver file security without specifying a setting, use System in Control Panel. Right-click My Computer, click Proper

op Experience optional component is installed and the Remote Desktop Services role is not installed.
s take effect immediately. This policy setting takes effect only when the DPS is in the running state. When the service is stopped or disable

n on or turn off disk quota management without specifying a setting, in My Computer, right-click the name of an NTFS volume, click Proper
tting overrides user settings that enable or disable quota enforcement on their volumes. Note: To specify a disk quota limit, use the "Defau
disk space available to users is not limited. The disk quota management feature uses the physical space on each volume as its quota limit a
setting does not affect the Quota Entries window on the Quota tab. Even without the logged event, users can detect that they have reache
ick the name of an NTFS file system volume, click Properties, and then click the Quota tab.

oft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer.VPNc
onfigure this policy setting, computers will use locally configured settings.

eplace conflicting A resource records during dynamic update. If you disable this policy setting, existing A resource records that contain con
ue of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 se

suffixes. If you enable this policy setting, one DNS suffix is attached at a time for each query. If a query is unsuccessful, a new DNS suffix is

list is not configured, and the Append primary and connection specific DNS suffixes radio button is selected, the DNS client appends the fo
Group Policy. If a global suffix search list is not configured, and the Append primary and connection specific DNS suffixes radio button is sel

x of "contoso.com" performs a query for "server.corp" the DNS client will send a query for "server.corp" first, and then a query for "server.c
not configure this policy setting, the boot start drivers determined to be Good, Unknown or Bad but Boot Critical are initialized and the initi

g, you can configure the following settings in the policy setting: - ""Do not display links to any Microsoft ‘More information’ websites"": Sel
o the Configure Error Reporting policy setting.

if the Configure Error Reporting policy setting is disabled or not configured. For related information, see the Configure Error Reporting and
always report errors for policy setting, and in the exclusion list in this policy setting, the application is excluded from error reporting. You can
exe). Errors that are generated by applications on this list are always reported, even if the Default dropdown in the Default application repo
ns that remind the user to check for solutions to problems. A value of 0 disables the reminder. If you disable or do not configure this policy
rmines how many reports can be queued before older reports are automatically deleted. The setting for Number of days between solution
ally sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high proba
ally sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high proba

quested by Microsoft. - Send all data: any error reporting data requested by Microsoft is sent automatically. If this policy setting is disabled
quested by Microsoft. - Send all data: any error reporting data requested by Microsoft is sent automatically. If this policy setting is disabled

le in the Options section. You can use a local (or mapped) path, a UNC path, or a URL, such as the following: - C:\MitigationSettings\Config
fault), silent, or troubleshooting only state. If you disable this setting, the recovery behavior for corrupted files will be disabled. No trouble
otected content on the device are Windows Mail and the user-selected mailto protocol handler app. Any other Windows Runtime applicati

ironment.
d folder GUIDs are specified in the policy setting "Do not automatically make specific redirected folders available offline", that setting will o

ironment.
new location, Windows copies the contents of the local cache to the new network location, then deleted the content from the old network
ed on every computer that the user logs on to. Note: If you enable this policy setting in Computer Configuration and User Configuration, th
ed on every computer that the user logs on to. Note: If you enable this policy setting in Computer Configuration and User Configuration, th

e restart is required for this policy setting to take effect: changes take effect immediately.

tting is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting is not configured at the machine level
tting is disabled at the machine level, the per-user policy setting will be ignored. If this policy setting is not configured at the machine level

ng. If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the c
ng. If this policy setting is enabled at the computer level, it cannot be disabled by a per-user policy. If this policy setting is disabled at the c

cies. To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.
cies. To set this policy on a per-user basis, make sure that the per-computer policy is set to Not Configured.

ng personalisation setting via PC Settings.


es not interpret two-digit year formats using this scheme for the program.
for more information. If you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure th
for more information. If you enable this policy setting, automatic learning stops and any stored data is deleted. Users cannot configure th

POLICY_SEHOP_ENABLE (0x00000004) Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP bl
POLICY_SEHOP_ENABLE (0x00000004) Enables structured exception handler overwrite protection (SEHOP) for the child process. SEHOP bl

wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. The timeout valu
olicy will wait for a response from the domain controller before reporting the link speed as slow. The default is 500 milliseconds. The timeo

ons configured for processing across a slow link (slow network connection). If you enable this policy, when Group Policy cannot determin
will cause Group Policy to be processed synchronously even if this policy setting is enabled: 1 - At the first computer startup after the client

aming user profile is allowed from the trusted forest. If you disable this policy setting, the behavior is the same as if it is not configured.
ause significant delays. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if
d while the computer is in use. When background updates are disabled, policy changes will not take effect until the next user logon or syste
se. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. The "Process ev
s. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not c
ating affected policies in the background while the computer is in use. When background updates are disabled, policy changes will not take
ted policies in the background while the computer is in use. When background updates are disabled, policy changes will not take effect unti
specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired po
disabled, policy changes will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have
Many policy implementations specify that they be updated only when changed. However, you might want to update unchanged policies, su
s in use. When background updates are disabled, policy changes will not take effect until the next user logon or system restart. The "Proce
When background updates are disabled, policy changes will not take effect until the next user logon or system restart. The "Process even i
eated as Enabled.

ck the Administrative Templates folder (either one), right-click the same folder, and then point to "View." In Group Policy Object Editor, pre
aster for the domain. Note: To change the PDC Operations Master for a domain, in Active Directory Users and Computers, right-click a dom
ault value of 500 kilobits per second. This setting appears in the Computer Configuration and User Configuration folders. The setting in Com
ault value of 500 kilobits per second. This setting appears in the Computer Configuration and User Configuration folders. The setting in Com
while the computer is in use, select the "Turn off background refresh of Group Policy" policy. The Set Group Policy refresh interval for com
setting also lets you specify how much the actual update interval varies. To prevent domain controllers with the same update interval from
the computer is in use, select the "Turn off background refresh of Group Policy" setting. This setting also lets you specify how much the ac

and then you edit the GPO with a Japanese system, the Group Policy Object Editor snap-in uses the local Japanese ADM files, and you see

ed to the user are combined. If the settings conflict, the user settings in the computer's Group Policy Objects take precedence over the use

nd while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user log
ser trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so compu
round while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next use
o user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so com
omputer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system
s created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configurati
d while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logo
trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer
ems in the background while the computer is in use. When background updates are disabled, preference item changes do not take effect u
user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so comp
s in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system restart. 3
2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuration tracin
stem from updating affected preference items in the background while the computer is in use. When background updates are disabled, pre
on, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so
mputer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system re
created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configuratio
computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system
created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configurati
while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon
is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configura
affected preference items in the background while the computer is in use. When background updates are disabled, preference item chang
der User Configuration in this extension, no user trace file is created. 2. Computer Configuration tracing: This preference extension is availa
m from updating affected preference items in the background while the computer is in use. When background updates are disabled, prefere
xtension, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration o
he background while the computer is in use. When background updates are disabled, preference item changes do not take effect until the
nsion, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only
dating affected preference items in the background while the computer is in use. When background updates are disabled, preference item
on, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so
e system from updating affected preference items in the background while the computer is in use. When background updates are disabled
s created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configurati
in the background while the computer is in use. When background updates are disabled, preference item changes do not take effect until t
xtension, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration o
e computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or syste
is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configura
m updating affected preference items in the background while the computer is in use. When background updates are disabled, preference i
ension, no user trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration onl
computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or system
is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer configura
the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logon or sy
e file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer confi
d while the computer is in use. When background updates are disabled, preference item changes do not take effect until the next user logo
trace file is created. 2. Computer Configuration tracing: This preference extension is available under User Configuration only, so computer

nce extensions under Control Panel Settings for Computer Configuration. Disabling this policy setting overrides any "Permit use of <extensio

ons under Control Panel Settings for User Configuration. Disabling this policy setting overrides any "Permit use of <extension name> prefer

d on the system. For example, %programfiles% is not defined on some early versions of Windows. The "Shortcut" command is used to add
ommand Line Parameters" settings in "Administrative Templates/Windows Components/Event Viewer".

t Program for all users.

Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.

and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
Content Ratings, click Import the Current Security Zones Settings, and then click Modify Settings. 3. Select the content zone in which you
4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
nd Plug-ins area, click Administrator Approved.
Level. 4. In the Run ActiveX Controls and Plug-ins area, click Administrator Approved.
ed Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website. If you en
ed Mode, Internet Explorer notifies the user and gives the option to disable Enhanced Protected Mode for that particular website. If you en
any sites granted an exception. By default, this option is turned on.
any sites granted an exception. By default, this option is turned on.

ersion 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
ersion 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
nce over this policy. If it is enabled, this policy is ignored.

et Explorer) takes precedence over this policy. If it is enabled, this policy is ignored.
er TechNet library.
er TechNet library.

ich the add-on is referenced. Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To spe
ich the add-on is referenced. Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To spe
ure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting.
ure this policy setting, users may use Add-on Manager to allow or deny any add-ons that are not included in the 'Add-on List' policy setting.

preferences and policy settings. If the All Processes policy setting is enabled, the processes configured in this policy setting take precedenc
preferences and policy settings. If the All Processes policy setting is enabled, the processes configured in this policy setting take precedenc

o not configure this policy setting, the security feature is allowed.


o not configure this policy setting, the security feature is allowed.
er the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All P
er the Internet Explorer processes in this list: use the related Internet Explorer Processes policy to enable or disable IE processes. If the All P

tification bar is not displayed for the specified processes.


tification bar is not displayed for the specified processes.

x take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed.
x take precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed.

sses policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure thi
sses policy setting is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure thi

lated Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes config
lated Internet Explorer Processes policy to enable or disable IE processes. If the All Processes policy setting is enabled, the processes config
esses configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is a
esses configured in this box take precedence over that setting. If you disable or do not configure this policy setting, the security feature is a
ar and the navigation bar.

o not configure this policy setting, the user can view and access the navigation bar, the menu bar, and the Command bar.
o not configure this policy setting, the user can view and access the navigation bar, the menu bar, and the Command bar.

all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However
all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However
ete. If you don't configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Track
ete. If you don't configure this policy setting, users can turn this feature on and off, determining whether to delete ActiveX Filtering, Track

ble this policy setting, you set the rate at which Internet Explorer creates new tab processes to low, medium, or high, or to an integer. If yo
ble this policy setting, you set the rate at which Internet Explorer creates new tab processes to low, medium, or high, or to an integer. If yo
and configure settings for certificates from software publishers that haven't already been configured for Internet Explorer.
y is ignored.

ction Wizard from the desktop or the Start menu.

through the Favorites Center.


through the Favorites Center.

d, this policy is ignored. Also, see the "Security zones: Use only machine settings" policy.

o not configure this policy setting, the user can configure his or her list of search providers.
o not configure this policy setting, the user can configure his or her list of search providers.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change

ol Lockdown security feature is enabled.


ol Lockdown security feature is enabled.
ons feature control setting for the process.
ons feature control setting for the process.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.

T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change

ons feature control setting for the process.


ons feature control setting for the process.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change

ol Lockdown security feature is enabled.


ol Lockdown security feature is enabled.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.

T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
ons feature control setting for the process.
ons feature control setting for the process.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.

T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change

ol Lockdown security feature is enabled.


ol Lockdown security feature is enabled.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.

T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change

ons feature control setting for the process.


ons feature control setting for the process.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change

ture is enabled.
ture is enabled.

ons feature control setting for the process.


ons feature control setting for the process.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
ons feature control setting for the process.
ons feature control setting for the process.

ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc
ted individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritanc

ill ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following
ill ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change

ol Lockdown security feature is enabled.


ol Lockdown security feature is enabled.
(https://) and nonsecure (http://) content.
(https://) and nonsecure (http://) content.

T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy
T Challenge Response is not supported by the server, the user is queried to provide the user name and password. If you disable this policy

tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
tting or do not configure it, users can drag content from one domain to a different domain when the source and destination are in the same
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
s can drag content from one domain to a different domain when the source and destination are in different windows. Users cannot change
ons feature control setting for the process.
ons feature control setting for the process.

o open New Tabs.


means that if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable this policy setting for an applicati
means that if the zone behavior is currently set to prompt, it will be bypassed and enabled. If you disable this policy setting for an applicati

led for the system, it will override this policy setting.


led for the system, it will override this policy setting.
ult behavior of Internet Explorer. If you do not configure this policy setting, the user can turn on and turn off Internet Explorer 7 Standards
ult behavior of Internet Explorer. If you do not configure this policy setting, the user can turn on and turn off Internet Explorer 7 Standards

er 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages
er 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages
- Trusted Sites Zone • 1 - Local Intranet Zone • 0 - Local Machine Zone • 22 - Trusted, Intranet, and Restricted site zones only Binary Rep
- Trusted Sites Zone • 1 - Local Intranet Zone • 0 - Local Machine Zone • 22 - Trusted, Intranet, and Restricted site zones only Binary Rep

annot provide information about previous logons, and enabling this policy setting does not affect anything.

options of this KDC policy to be effective, the Kerberos Group Policy "Kerberos client support for claims, compound authentication and Ker

ng for freshness. Users will never receive the fresh public key identity SID.
roup Policy is deleted. If you do not configure this policy setting, the system uses the host name-to-Kerberos realm mappings that are defin
meters. If you disable this policy setting, the interoperable Kerberos V5 realm settings defined by Group Policy are deleted. If you do not co
e object identifier in the EKU extensions which can be issued to any server.

ew one with different parameters. If you disable or do not configure this policy setting, the Kerberos client does not have KDC proxy server
target domain.
ever will be used. If you do not configure this policy setting, Automatic will be used.
efault value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication conte

th this selection, hash publication is turned on for all file servers where Group Policy is applied. For example, if Hash Publication for Branch
tion, the policy setting is applied and the hash version(s) that are specified in "Hash version supported" are generated and retrieved. - Disa

uption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to an

ons at startup"" policy setting. Also, see the ""Do not process the run once list"" policy setting.
ons at startup"" policy setting. Also, see the ""Do not process the run once list"" policy setting.

ms, point to Accessories, point to System Tools, and then click ""Getting Started."" To suppress the welcome screen without specifying a se
ust before it starts the programs specified in the User Configuration setting. Also, see the ""Do not process the legacy run list"" and the ""D
ust before it starts the programs specified in the User Configuration setting. Also, see the ""Do not process the legacy run list"" and the ""D
g profile path, home directory, or user object logon script, may take up to two logons to be detected. If a user with a roaming profile, home

ms, point to Accessories, point to System Tools, and then click ""Getting Started."" To suppress the welcome screen without specifying a se

not see the animation. Note: The first sign-in animation will not be shown on Server, so this policy will have no effect.
lt Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as th
lt Microsoft Edge settings for each market, you can set the string to EDGEDEFAULT. If you'd like your employees to use Microsoft Bing as th
contoso.com/opensearch.xml> If you disable this setting, any added search engines are removed from your employee's devices. If you do
contoso.com/opensearch.xml> If you disable this setting, any added search engines are removed from your employee's devices. If you do
onsole files.
prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a user opens a console file that includes a prohibite
-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited sn
-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited sn
-in window in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited sn
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
ed list of snap-ins" is disabled or not configured, users will have access to the Group Policy tab. To explicitly prohibit use of the Group Polic
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
sabled, this snap-in is prohibited. -- If the policy setting "Restrict users to the explicitly permitted list of snap-ins" is disabled or not configu
e Microsoft Management Console.
ownloading any additional tools. No reboots or service restarts are required for this policy setting to take effect. Changes take effect immed

ution (default on Windows client), Silent (default on Windows server), or Troubleshooting Only. If you disable this policy setting, the troubl

enable it in both folders. Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges a
enable it in both folders. Caution: Skilled users can take advantage of the permissions this policy setting grants to change their privileges a
olicy setting, Windows Installer will use Restart Manager to detect files in use and mitigate a system restart, when possible.
rer or Network Locations, to search for installation files. Also, see the "Enable user to browse for source while elevated" policy setting.

" option indicates that Windows Installer is disabled. This policy setting affects Windows Installer only. It does not prevent users from usin

Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if
Computer Configuration and User Configuration folders. If the policy setting is enabled in either folder, it is considered be enabled, even if
ments. It can be used to circumvent errors in an installation program that prevents software from being installed.

user unmanaged, or per-machine context."

e cache maximum size.

XP Professional and Windows Vista, when a user reinstalls, removes, or repairs an installation, the transform file is available, even if the use

y determined that the DirectAccess client computer is connected to its own intranet. To restore the DirectAccess rules to the NRPT and res

myserver.corp.contoso.com/ or HTTP:http://2002:836b:1::1/. -A Universal Naming Convention (UNC) path to a file that NCA checks for exis
, the frequent retries may produce excessive network traffic.

Netlogon share can lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on cl

an lock the files by requesting exclusive read access, which might prevent Group Policy settings from being updated on clients in the doma
will not the DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name that exists in the
ffixes unless the computer is joined to a domain that has a single-label DNS name in the Active Directory forest. NetBIOS name resolution is

<DnsForestName> Kdc SRV _kerberos._tcp.dc._msdcs.<DnsDomainName> KdcAtSite SRV _kerberos._tcp.<SiteName>._sites


val configured for these zones. Setting the Refresh Interval of the DC Locator DNS records to longer than the Refresh Interval of the DNS zon

olicy setting, it is not applied to any GCs, and GCs use their local configuration.

cords, click Enabled, and then enter the site names in a space-delimited format. If you do not configure this policy setting, it is not applied

y default for the computer. However, if a DC Locator call is made using the DS_TRY_NEXTCLOSEST_SITE flag explicitly, the Try Next Closest S
y can also be triggered if a call to DC Locator uses the DS_FORCE_REDISCOVERY flag. Rediscovery resets the timer on the cached domain co
cy setting, DC Locator APIs will ONLY return IPv4 DC address if any. So if the domain controller supports both IPv4 and IPv6 addresses, DC Lo
re this policy setting, Net Logon will not allow the negotiation and use of older cryptography algorithms.
this policy setting, this DC processes incoming mailslot messages. This is the default behavior of DC Locator.
OS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior. If you disable this policy setting,
figure this policy setting, it is not applied to any DCs, and DCs use their local configuration.
ge of values is from 1 to 2. If you do not configure this policy setting, it is not applied to any computers, and computers use their local confi
boxes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the

perties dialog box or Properties button for connection components, users cannot gain access to the Advanced button for TCP/IP configuratio

from accessing the check boxes for enabling and disabling the components of a LAN connection. Note: Nonadministrators are already pro
" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. If you do not configure this
lete all user remote access connections" setting.) Important: When enabled, this setting takes precedence over the "Ability to delete all us
to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and re

erties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, clic
le LAN connections from Device Manager when this setting is disabled.
ate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the propertie
the user logs off or on. When other changes to this setting are applied, the icon does not appear or disappear in the Network Connections
ption to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall is not
etwork Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Window
ame of the component, and then click the Properties button beneath the component list. Note: Not all network components have configu

000 computers. If you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon repres
sers from using other programs, such as Internet Explorer, to bypass this setting.
ility to rename LAN connections" and "Ability to rename all user remote access connections" settings. Note: This setting does not prevent

other programs, such as Internet Explorer, to bypass this setting.


available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make
re it, the connection status taskbar icon and Status dialog box are available to all users.

http://go.microsoft.com/fwlink/p/?LinkId=234043

,18.1.1.1/10 For more information see: http://go.microsoft.com/fwlink/p/?LinkId=234043

and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be avai
and User Configuration folders. If both policy settings are configured, the policy settings will be combined and all specified files will be avai
e to change any custom actions established via this setting. Tip: To configure this setting without establishing a setting, in Windows Explore
e to change any custom actions established via this setting. Tip: To configure this setting without establishing a setting, in Windows Explore
change it. Tip: To change the amount of disk space used for automatic caching without specifying a setting, in Windows Explorer, on the To

interface. If you do not configure this policy setting, encryption of the Offline Files cache is controlled by the user through the user interfac
ars in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration tak
ars in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Configuration tak

he setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To configure this setting without establ
he setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To configure this setting without establ
ombined, and the "Make Available Offline" command is unavailable for all specified files and folders. The "Make Available Offline" comm
ombined, and the "Make Available Offline" command is unavailable for all specified files and folders. The "Make Available Offline" comm
n Computer Configuration takes precedence over the setting in User Configuration. Tip: To display or hide reminder balloons without estab
n Computer Configuration takes precedence over the setting in User Configuration. Tip: To display or hide reminder balloons without estab

reminder balloons every ... minutes" option.


reminder balloons every ... minutes" option.

method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then selec
method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then selec
setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Confi
setting appears in the Computer Configuration and User Configuration folders. If both settings are configured, the setting in Computer Confi

the round-trip network latency detection is faster. You can use wildcard characters (*) for specifying UNC paths. If you do not specify a Late
total disk space limit. If you do not configure this policy setting, the system limits the space that offline files occupy to 25 percent of the to
e button for a specific share. When selected, all configured settings will apply to shares in user selected Work Offline mode as well. If you d
e Files cache. If the round trip latency of the network is less than 60ms, reads to remote files will not be cached. If you enable this policy se

e local subnet. The multicast protocol used for bootstrapping is SSDP (Simple Service Discovery Protocol). The SSDP service must be enabl
ds are turned on by default, and PNRP creates a cloud if the computer has an IPv6 address compatible with the cloud’s scope.

d server; and check the checkbox. Using the corporate seed server only will prevent your mobile users from being able to use their peer to
the local subnet. The multicast protocol used for bootstrapping is SSDP (Simple Service Discovery Protocol). The SSDP service must enable
ds are turned on by default, and PNRP creates a cloud if the computer has an IPv6 address compatible with the cloud’s scope.

the local subnet. The multicast protocol used for bootstrapping is SSDP (Simple Service Discovery Protocol). The SSDP service must be ena
ds are turned on by default, and PNRP creates a cloud if the computer has an IPv6 address compatible with the cloud’s scope.
e to devices which are registered with Azure Active Directory.

indows requires a reboot after you apply this setting to a computer.


atibility Assistant Service must be running for the PCA to run. These services can be configured by using the Services snap-in to the Micros

gured, it will not over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Ena
main Group Policy setting is not configured, it will not over-write the client computer cache setting that you use on individual client compu
nfigured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache on individual client comput
ent computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting that you use on individ
but you do not want to configure a BranchCache latency setting on all client computers, you can specify Not Configured for this domain Gro
ation that is specified manually or by Group Policy. When this policy setting is applied, the client computer performs or does not perform
ed to client computers based on the value of the option setting "Select from the following versions" that you specify. - Disabled. With this
olicy has no effect on computers that are running Windows 7 or Windows Vista. Client computers to which this policy setting is applied, in
e the client computer cache age setting that you use on individual client computers. - Enabled. With this selection, the BranchCache client

es effect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service restart is required for this pol
Performance for resolution by default. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configure
lt. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service rest
ult. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service re
configured is "No scripts allowed."
configured is "No scripts allowed."
click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer. Note: This
click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer. Note: This
hat directory to prevent users from viewing the transcripts of other users or computers. Note: This policy setting exists under both Compu
hat directory to prevent users from viewing the transcripts of other users or computers. Note: This policy setting exists under both Compu

ot affected. -This policy setting is only checked once during the lifetime of a process. After changing the policy, a running application must b
uration\Administrative Templates\Control Panel\Printers. Web view is affected by the "Turn on Classic Shell" and "Do not allow Folder Opti
g settings". On the Advanced sharing settings page, click the arrow next to "Domain" arrow, click "turn on network discovery", and then clic
or shared printers or to connect to network printers.
the client. The client print spooler can always queue print jobs when not connected to the print server. Upon reconnecting to the server, t

-click a printer, click Properties, and then click the Security tab. If this policy is disabled, or not configured, users can add printers using the

ers are not shown so its limit does not apply to those versions of Windows.

bled, or not configured, package point and print will not be restricted to specific print servers.

bled, or not configured, package point and print will not be restricted to specific print servers.
d on the IP address and subnet mask of the user's computer.
is disabled. Printer proximity is estimated using the standard method (that is, based on IP address and subnet mask).
mmand prompt when users create a printer connection to any server using Point and Print. -Windows Vista computers will show a warning
mmand prompt when users create a printer connection to any server using Point and Print. -Windows Vista computers will show a warning

xample Windows Enterprise, and all versions of Windows Server 2008 R2 and later) to have the same behavior.
llowing options from the "Prune non-republishing printers" box: -- "Never" specifies that printer objects that are not automatically republ

corded in the event log. Note: This setting does not affect the logging of pruning events; the actual pruning of a printer is always logged. N

t prevent users from installing programs by using other methods. Users will still be able to view and installed assigned (partially installed) p

ult. This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. No system restart or service res
omputer to the original state or from a user-created system image by restarting the computer and accessing the System Recovery Options m

acker is not displayed when you shut down the computer. If you do not configure this policy setting, the default behavior for the Shutdown
s to remotely control the computer." The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistanc
list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When

with the Windows NT4 Server Endpoint Mapper Service. Note: This policy will not be applied until the system is rebooted.
ns" enables extended error information, but lets you disable it for selected processes. To disable extended error information for a process w
t ask for delegation and connect to servers using constrained delegation. If you enable this policy setting, then: -- "Off" directs the RPC Ru
ng, the idle connection timeout on the IIS server running the RPC HTTP proxy will be used. If you do not configure this policy setting, it wil
cy setting. If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC serv
of memory. -- "Auto2" directs RPC to maintain basic state information only if the computer has at least 128 MB of memory and is running W
e before loading the desktop. An excessively long interval can delay the system and inconvenience users. However, if the interval is too sho
md For DesktopSales, GPOs B and C are applied, but not GPO A. Therefore, the scripts for GPOs B and C run in the following order for Des
efore, the scripts for GPOs B and C run in the following order for Tamara: Within GPO B: B.cmd, B.ps1 Within GPO C: C.cmd, C.ps1 Note: T
efore, the scripts for GPOs B and C run in the following order for Tamara: Within GPO B: B.cmd, B.ps1 Within GPO C: C.cmd, C.ps1 Note: T

or this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Task Scheduler service is in t

et search locations are added to the All Locations list in the Desktop Search results.

mitation in the Group Policy editor, you must add at least one entry in the allow list, even if you want to enable this policy without an allow
policy setting, Security Center is turned off for domain members. Windows XP SP2 ---------------------- In Windows XP SP2, the essential sec

te: The default refresh interval for Server Manager is two minutes in Windows Server 2008 and Windows Server 2008 R2, or 10 minutes in

ations specified in this policy setting, the files will be downloaded from Windows Update, if that is allowed by the policy settings for the com

ool with Microsoft.


ool with Microsoft.

ntents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).
ents dialog box, in the Value column, type the application executable name (e.g., Winword.exe, Poledit.exe, Powerpnt.exe).
alid certificates" If you enable or do not configure this policy setting, filtering will take place. If you disable this policy setting, no filtering w

attempts to run the app. If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears su

security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the
only the local admin group full control. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Al
SNMP settings: "Specify permitted managers" and "Specify Community Name".
selected. This setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do no
Remove Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff.

able this setting or do not configure it, the Start screen layout won't be changed and users will be able to customize it.
able this setting or do not configure it, the Start screen layout won't be changed and users will be able to customize it.
ional are required to support this policy setting.

te:This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer.
from using other methods to search. If you disable or do not configure this policy setting, the Search link is available from the Start menu

enu" and "Clear history of recently opened documents on exit" policies in this folder. If you enable this setting but do not enable the "Rem
opened documents. See the "Do not keep history of recently opened documents" setting. This setting also does not hide document shortc
" policy settings.
ll shortcuts" policy settings.
Note: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.

f the Start menu.


ft" option" policy setting.

ogoff. See also: "Remove Logoff" policy setting in User Configuration\Administrative Templates\System\Logon/Logoff.

is available.

d disable the “Show Input Panel taskbar icon” policy, the user will then have no way to access Input Panel.
d disable the “Show Input Panel taskbar icon” policy, the user will then have no way to access Input Panel.
his setting on the Opening tab in Input Panel Options. Caution: If you enable both the “Prevent Input Panel from appearing next to text ent
his setting on the Opening tab in Input Panel Options. Caution: If you enable both the “Prevent Input Panel from appearing next to text ent
ening tab in Input Panel Options.
ening tab in Input Panel Options.
nput Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are ta
nput Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel displays the cursor and which keys are ta
nition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog
nition results when handwriting is converted to typed text. Users will not be able to configure this setting in the Input Panel Options dialog
you enable this policy and choose “None,” users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out ge
you enable this policy and choose “None,” users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out ge
pletion tab in Input Panel Options in Windows 7 and Windows Vista.
pletion tab in Input Panel Options in Windows 7 and Windows Vista.
p Lists. See the ""Do not allow pinning items in Jump Lists"" policy setting.

ttings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
ttings are configured, the setting in Computer Configuration takes precedence over the setting in User Configuration.
Configuration takes precedence over the setting in User Configuration.
Configuration takes precedence over the setting in User Configuration.
ATAP configured with a link-local address and an address for each prefix received from the ISATAP router through stateless address auto-con

s is present, the host will have a 6to4 interface. If no global IPv4 address is present, the host will not have a 6to4 interface. Policy Disabled

nnection" policy setting is ignored.


by using the Remote Desktop Connection client. If you disable or do not configure this policy setting, remote users can only start programs
o support Windows Aero features. Note: Additional configuration might be necessary on the remote computer to make Windows Aero fea
Desktop Services WMI provider. Note: If you enable this policy setting, you must also enable the Join RD Connection Broker, the Configure

ogram, the session will be disconnected from the RD Session Host server but it is not logged off. Note: This policy setting appears in both C
ogram, the session will be disconnected from the RD Session Host server but it is not logged off. Note: This policy setting appears in both C
policy setting, font smoothing is allowed for remote connections.

onnection). Clients that do not support this encryption level cannot connect to RD Session Host servers. * Client Compatible: The Client Co

ure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticat
he RD Session Host server. If you do not configure this policy setting, the local setting on the target computer will be enforced. On Window
ed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and th
pecified by the user is used, if one is specified. If an authentication method is not specified, the Negotiate protocol that is enabled on the c
il, if the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the aut
e allowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the clie

his policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers runn

by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Re

nd the server will not check the session state.

consistent with the version of Windows and the mode of Remote Desktop Services running on the server. If the status is set to Disabled or
nistrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected

ser's consent.
ser's consent.

k, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a va
k, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a va

he "Start a program on connection" policy setting is ignored.


f a network share in Home Dir Root Path, Remote Desktop Services places user home directories in the network location. If the status is se
reated. If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server an

ed. If you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the
eleted or changed in any way by disabling or not configuring this policy setting. Note: You should only enable this policy setting when the l
2000 terminal server If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate R
7, Windows Vista, or Windows XP Professional. If you enable this policy setting, audio and video playback redirection is allowed. If you di
y configured on the client computer. For example, if the audio playback quality configured on the client computer is higher than the audio
edirection is not specified at the Group Policy level.

he Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. No
he Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. No
olicy level.

e redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Devic

(PCL) fallback printer driver. "Default to PS if one is not found" - If no suitable printer driver can be found, default to the PostScript (PS) fall

I Provider to join the server to RD Connection Broker. If the policy setting is not configured, the policy setting is not specified at the Group
e policy settings are enabled and configured by using Group Policy. 2. For Windows Server 2008, this policy setting is supported on at least
client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancin
his policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. 3. To be an active member of an RD Sessio
onfigure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. Note: Th
onfigure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. Note: Th
nfigure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected s
nfigure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected s
mit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desk
mit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desk
e the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop S
e the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop S
ders per session policy setting, this policy setting has no effect.
y setting, per-session temporary folders are created unless the server administrator specifies otherwise.

tificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. Whe
alid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer nam
policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list c
olicy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list co
Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. For Wind
Session Host server can be authenticated. If you disable or do not configure this policy setting, the authentication setting that is specified i
andwidth. If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, th

d is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RD

enarios except RemoteFX vGPU.

teFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled.
esktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression

sktop Connections from an untrusted server can compromise the security of a user's account.
ng network quality. If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to

n of the local session is not affected by this policy setting.

blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage
Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through
in the Group Policy and local lists of blocked TPM commands.
quires authorization. The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard
d to the TPM that requires authorization. This value is the maximum number of authorization failures each standard user may have before
ng a command to the TPM that requires authorization. The Standard User Individual Lockout value is the maximum number of authorizati

C path and check the option to replace the default Microsoft templates, all of the default Microsoft templates installed by the UE-V Agent w
with UE-V. If you do not configure this policy setting, any defined values will be deleted.
with UE-V. If you do not configure this policy setting, any defined values will be deleted.
with UE-V. If you do not configure this policy setting, any defined values will be deleted.
with UE-V. If you do not configure this policy setting, any defined values will be deleted.
l folder specified in the settings storage path. These settings are then synchronized to other computers by an external synchronization engi
l folder specified in the settings storage path. These settings are then synchronized to other computers by an external synchronization engi
olicy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login. If you disable this policy setti
olicy setting, the UE-V rollback state is copied to the settings storage location on logout and restored on login. If you disable this policy setti

icy setting has no effect. Note: The policy setting must be configured on the client computer, not the server, for it to have any effect, becau
enable this policy setting Windows will not check the permissions for the folder in the case where the folder exists. If you disable or do no
1\dir2\homedir). Users can access the home directory and any of its subdirectories from the home drive letter, but they cannot see or acce
slow link detection feature. To respond to a slow link, the system requires a local copy of the user's roaming profile.
other policy settings set in this folder to determine how to proceed. By default, when the connection is slow, the system loads the local cop
ou have enabled the "Wait for remote user profile" policy setting, the system downloads the remote copy of the user profile without consu
he user's roaming profile by default. If you enable this policy setting, you can exclude additional folders. If you disable this policy setting o
the machine. If you disable or do not configure this policy setting, Windows will delete the entire profile for roaming users, including the W
ock users from logging off. Instead, if the user has a roaming user profile, Windows will not synchronize the user's profile with the roaming
dicated above. If you enable both the "Prevent Roaming Profile changes from propagating to the server" setting and the "Only allow local u
e this policy setting, Windows waits 30 seconds for user input before applying the default user profile .

try rate.) If you disable this policy setting or do not configure it, the system repeats its attempt 60 times. If you set the number of retries t

profile is appropriate when users move between computers frequently and the local copy of their profile is not always current. Using the lo
Service-assigned addresses or for computers accessing profiles across dial-up connections.Important: If the "Do not detect slow network c

of these parent folders.

ming profile for a user. Windows reads profile configuration in the following order and uses the first configured policy setting it reads. 1. Te
h scheduling options, there is a random one hour delay attached per-trigger to avoid overloading the server with simultaneous uploads. Fo
oftware and/or line of business apps that depend on the domain information protected by this setting to connect with network resources.

ownloaded on every computer that the user logs on to.


local computer” and enter a file share, the user's home folder will be placed in the network location without mapping the file share to a d
o include a package that contains a BitLocker-protected drive's encryption key. This key package is secured by one or more recovery passwo
default printer. For example, not allowing the 48-digit recovery password will prevent users from being able to print or save recovery inform
ry password in another folder.
the default encryption method of AES 128-bit or the encryption method specified by the setup script.
erver 2008, Windows 7)" and "Choose drive encryption method and cipher strength" policy settings (in that order), if they are set. If none o

n the default recovery message, which will be displayed in the pre-boot key recovery screen. Note: Not all characters and languages are su

When set to "Require complexity" a connection to a domain controller is necessary when BitLocker is enabled to validate the complexity the

matches the value configured for the identification field. The allowed identification field is used in combination with the "Deny write acces
y setting, a default object identifier is used.

tup wizard" to prevent users from specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able

cy setting, the wizard will display the page to allow the user to configure advanced startup options for BitLocker. You can further configure
ccess the drive. On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added prot
Network Unlock Certificate" on the domain controller to distribute this certificate to computers in your organization. This unlock method u
specified by the setup script. A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0
BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the TPM will not rel
ing access to the BitLocker-encrypted operating system drive. If any of these components change while BitLocker protection is in effect, the

BitLocker will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available
on such devices. These options include: - Configure TPM startup PIN: Required/Allowed - Configure TPM startup key and PIN: Required/A

ot verifies BCD settings according to the Secure Boot policy setting, which is configured separately from BitLocker. Note: If the group policy
recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option to use whe
ity requirements on the password, select "Require complexity". When set to "Require complexity" a connection to a domain controller is n

d specified, or if the drive has the same identification field as specified in the "Provide unique identifiers for your organization" policy settin

er will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available BitLock
m specifying recovery options when they turn on BitLocker on a drive. This means that you will not be able to specify which recovery option

assword, select "Require complexity". When set to "Require complexity" a connection to a domain controller is necessary when BitLocker
den by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks:
ave an identification field specified, or if the drive has the same identification field as specified in the "Provide unique identifiers for your or

tLocker will use hardware-based encryption with the encryption algorithm set for the drive. If hardware-based encryption is not available B
me sample differs from the the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted cons
te. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time o

s disconnected and the manual connection is allowed. - When the computer is already connected to either a non-domain based network o
example, when a computer is connected to Internet using a WLAN connection and the user plugs in to an Ethernet network, network traffi
io-specific policy settings when it is enabled or disabled. Scenario-specific policy settings only take effect if this policy setting is not configu
ng and outgoing files will be enabled.
Block at First Sight” feature will not function. Real-time Protection -> Do not enable the “Turn off real-time protection” policy or the “Block

s been detected, including where the software came from, the actions that you apply or that are applied automatically, and whether the ac

led. You can exclude folders or files in the ""Exclude files and paths from Attack Surface Reduction Rules"" GP setting.

to are required to adhere to this policy setting.


og box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.

setting in User Configuration\Administrative Templates\Desktop\Active Desktop and the "Do not allow Folder Options to be opened from
displayed, or select the "Do not restrict drives" option in the drop-down list. Also, see the "Prevent access to drives from My Computer" p

operate correctly. If you disable this setting or do not configure it, the "Install Program As Other User" dialog box appears whenever users i

ault context menu" policy setting.

n to view and change drive characteristics. Also, see the "Hide these specified drives in My Computer" setting.

y, but the installed program might not operate correctly. Note: If it is enabled, the "Do not request alternate credentials" setting takes prec

otal of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group
ecedence over Internet search links. The first several links will also be pinned to the Start menu. A total of four links can be included on th
cy setting is not enabled.
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu
nt than the location of the item. If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch qu

attempts to run the app. If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears su
Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=25131).
syntax format. To remove a program, click its definition, and then press the DELETE key. To edit a definition, remove the current definition
gs\Windows Defender Firewall with Advanced Security to specify that local firewall rules should not apply.

you do not configure this policy setting, Windows Defender Firewall applies other policy settings that allow unsolicited incoming messages.
ck box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Defender Firewall does not open
allow certain message types, then later disable this policy setting, Windows Defender Firewall deletes the list of message types that you h
in the log file. If you enable this policy setting, and Windows Defender Firewall creates the log file and adds information, then upon disabl

omponent in Control Panel, also enable the "Windows Defender Firewall: Allow local port exceptions" policy setting. If you disable this pol
r Firewall with Advanced Security to specify that local firewall rules should not apply.
with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disabl
If you do not configure this policy setting, Windows Defender Firewall does not open this port. Therefore, the computer cannot receive Rem

ent of Control Panel, the "UPnP framework" check box is cleared and administrators cannot select it. If you do not configure this policy setti
syntax format. To remove a program, click its definition, and then press the DELETE key. To edit a definition, remove the current definition
gs\Windows Defender Firewall with Advanced Security to specify that local firewall rules should not apply.

you do not configure this policy setting, Windows Defender Firewall applies other policy settings that allow unsolicited incoming messages.
ck box is cleared and administrators cannot select it. If you do not configure this policy setting, Windows Defender Firewall does not open
allow certain message types, then later disable this policy setting, Windows Defender Firewall deletes the list of message types that you h
in the log file. If you enable this policy setting, and Windows Defender Firewall creates the log file and adds information, then upon disabl

omponent in Control Panel, also enable the "Windows Defender Firewall: Allow local port exceptions" policy setting. If you disable this pol
r Firewall with Advanced Security to specify that local firewall rules should not apply.
with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disabl
If you do not configure this policy setting, Windows Defender Firewall does not open this port. Therefore, the computer cannot receive Rem

ent of Control Panel, the "UPnP framework" check box is cleared and administrators cannot select it. If you do not configure this policy setti
nd the user cannot configure the HTTP proxy. If you do not configure this policy setting, users can configure the HTTP proxy settings.
users can configure the MMS proxy settings.

not access an MMS or RTSP URL from a Windows Media server. If the "Hide network tab" policy setting is enabled, the entire Network tab is

umerates the available IP addresses on the computer and uses only addresses that fall within one of the filter ranges. You should use an as

ding attacks).

enabled, the links to Windows Update on the Start menu are also removed. Note: If you have installed Windows XP Service Pack 1 or the u
cy setting is enabled.
ox policy setting is enabled.
on. On Windows 8 and Windows RT, if this policy is Enabled, then only notifications related to restarts and the inability to detect updates w
s will be notified that they are ready to install. After going to Windows Update, users can install them. 4 = Automatically download update
ad server), instead of Windows Update, to search for and download updates. Enabling this setting means that end users in your organizatio

unt Control window and do not need elevated permissions to do either of these update-related tasks. On Vista: If you enable this policy se

ns for optional applications and updates. If you disable or do not configure this policy setting, Windows 7 users will not be offered detailed

d on Windows RT. Setting this policy will not have any effect on Windows RT PCs.

fter Semi-Annual Channel (Targeted), indicating that Microsoft, Independent Software Vendors (ISVs), partners and customer believe that t

duling). If you disable or do not configure this policy, the default behaviors will be used. If any of the following policies are configured, this

e, you should not enable this policy setting if the domain is not at the Windows Server 2008 domain functional level. If you disable or do n

n, and then, in the System variables box, click Path.


evice will be prevented from enabling them. If this policy setting is not configured or is enabled, users can choose to enable or disable eith

o prevents them from manually specifying the local folder in which Work Folders stores files. By default, Work Folders is stored in the "%US

indows apps can access cellular data by using Settings > Network - Internet > Cellular on the device. If an app is open when this Group Poli
gure it, "Add programs from your network" is available to all users. Note: If the "Hide Add New Programs page" setting is enabled, this setti

ponents page" setting. If the "Hide Add/Remove Windows Components page" setting is enabled, this setting is ignored.

cy set by the registry DWORD value HKLM\System\CurrentControlSet\Control\WOW\DisallowedPolicyDefault. If that value is non-0, this pr

useful to server administrators who require faster performance and are aware of the compatibility of the applications they are using. It is p

. These services can be configured by using the Services snap-in to the Microsoft Management Console.

is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applie
is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
ect is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
lied on a device, employees must restart the app or device for the policy changes to be applied to the app.
e, employees must restart the app or device for the policy changes to be applied to the app.
must restart the app or device for the policy changes to be applied to the app.
employees must restart the app or device for the policy changes to be applied to the app.
cy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
oup Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
s applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
n a device, employees must restart the app or device for the policy changes to be applied to the app.
olicy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
nicate with unpaired wireless devices by using Settings > Privacy on the device. If an app is open when this Group Policy object is applied o
st restart the app or device for the policy changes to be applied to the app.
Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.
indows apps can get diagnostic information about other apps by using Settings > Privacy on the device. If an app is open when this Group

r the cache has been successfully cleared on transmission and the log has filled up again. Data Block Size: This value specifies the maximum
uration takes precedence over the policy setting in User Configuration.
uration takes precedence over the policy setting in User Configuration.

e origin server); the "Limit the maximum network bandwidth used for Peercaching" policy setting should be used for that purpose. Conside

o policy settings to have any effect. If you disable or do not configure this policy setting, the BITS peer caching feature will be disabled, and

ify a bitmask, in which the bits describe cost states allowed or disallowed for this priority: (bits described here) 0x1 - The cost is unknown o

e on the lock screen and will be selected by default, unless you have configured another default lock screen image using the "Force a specifi
CPL file, or the CPL file contains multiple applets, then its module name and string resource identification number should be entered, for e

s module name and string resource identification number should be entered. For example, enter @systemcpl.dll,-1 for System or @themec
" protocol part. Example: to specify that only the About and Bluetooth pages should be shown (their respective URIs are ms-settings:abou
en savers do not run.

assword is required immediately after the screen turns off. If you don't configure this policy setting on a workgroup device, a user on a Con

of a single wildcard character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote
n all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fab
urces.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop
/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* R
TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TE
N represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when sp
ces.fabrikam.com This policy setting can be used in combination with the "Allow delegating default credentials" policy setting to define exc
esources.fabrikam.com This policy setting can be used in combination with the "Allow delegating fresh credentials" policy setting to define
hines in .humanresources.fabrikam.com This policy setting can be used in combination with the "Allow delegating saved credentials" policy
g apps can delegate credentials to remote devices. Note: To disable most credential delegation, it may be sufficient to deny delegation in C
gnose and fix problems with devices, which can include the files and content that may have caused a problem with the device. Windows 1
gnose and fix problems with devices, which can include the files and content that may have caused a problem with the device. Windows 1

Activation security check for that DCOM server regardless of local settings. If you disable this policy setting, the appid exemption list define

ministrative Templates\Control Panel. Note: This setting does not apply to remote desktop server sessions.
policy applies to the My Computer icon. Hiding Computer and its contents does not hide the contents of the child folders of Computer. For

as remove the security functionality from each computer, with a physically present user, in order to clear configuration persisted in UEFI.

and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings" policy setting d

s policy setting, and no other policy setting describes the device, the "Prevent installation of devices not described by other policy settings"

-click My Computer, click Properties, click the Hardware tab, and then click the Driver Signing button.
the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Micro

of an NTFS volume, click Properties, click the Quota tab, and then click "Enable quota management."
a disk quota limit, use the "Default quota limit and warning level" policy setting. Otherwise, the system uses the physical space on the volum
n each volume as its quota limit and warning level. When you select a limit, remember that the same limit applies to all users on all volume
an detect that they have reached their limit, because their status in the Quota Entries window changes. Note: To find the logging option, i

ce records for mycomputer.VPNconnection and mycomputer.microsoft.com when this policy setting is enabled. Important: This policy setti

esource records that contain conflicting IP addresses will not be replaced during a dynamic update, and an error will be recorded in Event V
h interval. For example, 1800 seconds is 30 minutes. If you enable this policy setting, registration refresh interval that you specify will be a

unsuccessful, a new DNS suffix is added in place of the failed suffix, and this new query is submitted. The values are used in the order they

d, the DNS client appends the following names to a single-label name when it sends DNS queries: The primary DNS suffix, as specified on t
c DNS suffixes radio button is selected, the DNS client appends the following names to a single-label name when it sends DNS queries: The

st, and then a query for "server.corp.contoso.com." second if the first query fails. If you enable this policy setting, suffixes are allowed to b
ritical are initialized and the initialization of drivers determined to be Bad is skipped. If your malware detection application does not includ

ore information’ websites"": Select this option if you do not want error dialog boxes to display links to Microsoft websites. - ""Do not colle

he Configure Error Reporting and Report Operating System Errors policy settings.
ded from error reporting. You can also use the exclusion list in this policy setting to exclude specific Microsoft applications or parts of Windo
n in the Default application reporting policy setting is set to report no application errors. If the Report all errors in Microsoft applications o
le or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports at the time tha
umber of days between solution check reminders determines the interval time between the display of system notifications that remind the
determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any addition
determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any addition

y. If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sendin
y. If this policy setting is disabled or not configured, then the consent level defaults to the highest-privacy setting: Always ask before sendin

g: - C:\MitigationSettings\Config.XML - \\Server\Share\Config.xml - https://localhost:8080/Config.xml The settings in the XML file will be


files will be disabled. No troubleshooting or resolution will be attempted. If you do not configure this setting, the recovery behavior for co
ther Windows Runtime application will only be able to revoke access to content it protected. Note: File revocation applies to all content p

ailable offline", that setting will override the configured value of "Do not automatically make all redirected folders available offline".

e content from the old network location.


ation and User Configuration, the Computer Configuration policy setting takes precedence.
ation and User Configuration, the Computer Configuration policy setting takes precedence.

configured at the machine level, restrictions will be based on per-user policy settings. To set this policy setting on a per-user basis, make s
configured at the machine level, restrictions will be based on per-user policy settings. To set this policy setting on a per-user basis, make s

policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, r
policy setting is disabled at the computer level, the per-user policy is ignored. If this policy setting is not configured at the computer level, r
leted. Users cannot configure this setting in Control Panel. If you disable this policy setting, automatic learning is turned on. Users cannot c
leted. Users cannot configure this setting in Control Panel. If you disable this policy setting, automatic learning is turned on. Users cannot c

) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique. PROCESS_CREATION_M
) for the child process. SEHOP blocks exploits that use the structured exception handler (SEH) overwrite technique. PROCESS_CREATION_M

milliseconds. The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response from the d
lt is 500 milliseconds. The timeout value that is defined in this policy setting determines how long Group Policy will wait for a response fro

en Group Policy cannot determine the bandwidth speed across Direct Access, Group Policy will evaluate the network connection as a fast li
computer startup after the client computer has joined the domain. 2 - If the policy setting "Always wait for the network at computer startu

ame as if it is not configured.


nd reapplies the policies even if the policies have not changed. Many policy setting implementations specify that they are updated only wh
until the next user logon or system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies
system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the poli
es even if the policies have not changed. Many policy implementations specify that they are updated only when changed. However, you m
bled, policy changes will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not
y changes will not take effect until the next user logon or system restart. The "Process even if the Group Policy objects have not changed" o
s, such as reapplying a desired policy setting in case a user has changed it.
if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy
o update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
on or system restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the
tem restart. The "Process even if the Group Policy objects have not changed" option updates and reapplies the policies even if the policies
n Group Policy Object Editor, preferences have a red icon to distinguish them from true settings, which have a blue icon.
nd Computers, right-click a domain, and then click "Operations Masters."
uration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in Us
uration folders. The setting in Computer Configuration defines a slow link for policies in the Computer Configuration folder. The setting in Us
up Policy refresh interval for computers policy also lets you specify how much the actual update interval varies. To prevent clients with the
h the same update interval from requesting updates simultaneously, the system varies the update interval for each controller by a random
ets you specify how much the actual update interval varies. To prevent clients with the same update interval from requesting updates simul

apanese ADM files, and you see the text in Japanese under Administrative Templates. If you disable or do not configure this setting, the Gr

ts take precedence over the user's normal settings. If you disable this setting or do not configure it, the user's Group Policy Objects determ

ake effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates a
ser Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for i
not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updat
User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing fo
til the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies t
on only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this p
ake effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates an
Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for item
tem changes do not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not chang
User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing fo
t user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the prefere
o computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this preference
ground updates are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even i
nder User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform trac
the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies th
n only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this pre
ntil the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies
on only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this pr
ke effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and
tion only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this p
disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy o
his preference extension is available under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Mo
nd updates are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if the
lable under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perfor
nges do not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" opti
e under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform t
es are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if the Group P
nder User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform trac
background updates are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process ev
tion only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this p
changes do not take effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" o
lable under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perfor
until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplie
tion only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this p
pdates are disabled, preference item changes do not take effect until the next user logon or system restart. 3. The "Process even if the Grou
ble under User Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform
ntil the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies
ation only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this
ct until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapp
guration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in
ake effect until the next user logon or system restart. 3. The "Process even if the Group Policy objects have not changed" option updates an
Configuration only, so computer configuration tracing is not applicable. 3. Group Policy Modeling query tracing: To perform tracing for item

des any "Permit use of <extension name> preference extension" policy settings. If you do not configure this policy setting, you permit use

use of <extension name> preference extension" policy settings. If you do not configure this policy setting, you permit use of preference ex

ortcut" command is used to add a link to a Help topic, and runs executables that are external to the Help file. The "WinHelp" command is u
t the content zone in which you want to manage ActiveX controls, and then click Custom Level. 4. In the Run ActiveX Controls and Plug-ins
that particular website. If you enable this policy setting, Internet Explorer will not give the user the option to disable Enhanced Protected M
that particular website. If you enable this policy setting, Internet Explorer will not give the user the option to disable Enhanced Protected M

nctionality of TLS 1.0.


nctionality of TLS 1.0.
the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allo
the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allo
n the 'Add-on List' policy setting. Note: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add
n the 'Add-on List' policy setting. Note: If an add-on is listed in the 'Add-on List' policy setting, the user cannot change its state through Add

his policy setting take precedence over that setting. If you do not configure this policy, processes other than the Internet Explorer processe
his policy setting take precedence over that setting. If you do not configure this policy, processes other than the Internet Explorer processe
r disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.
r disable IE processes. If the All Processes policy setting is enabled, the processes configured in this box take precedence over that setting.

re is allowed.
re is allowed.

u disable or do not configure this policy setting, the security feature is allowed.
u disable or do not configure this policy setting, the security feature is allowed.

is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, th
is enabled, the processes configured in this box take precedence over that setting. If you disable or do not configure this policy setting, th
y setting, the security feature is allowed.
y setting, the security feature is allowed.
Command bar.
Command bar.

led, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in th
led, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in th
to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking Delete.
to delete ActiveX Filtering, Tracking Protection, and Do Not Track data when clicking Delete.

m, or high, or to an integer. If you disable or do not configure this policy setting, the tab process growth is set to the default. The user can c
m, or high, or to an integer. If you disable or do not configure this policy setting, the tab process growth is set to the default. The user can c
nternet Explorer.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
example, precedence, inheritance, or enforce) to apply individual settings to specific targets.

dd to the list, enter the following information: Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The
dd to the list, enter the following information: Valuename – A host for an intranet site, or a fully qualified domain name for other sites. The
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo
sword. If you disable this policy setting, logon is set to Automatic logon only in Intranet zone. If you do not configure this policy setting, lo

and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
and destination are in the same window. Users cannot change this setting in the Internet Options dialog.
t windows. Users cannot change this setting.
t windows. Users cannot change this setting.
his policy setting for an application or process in the list, a script that is running in the application or process cannot bypass the prompt for
his policy setting for an application or process in the list, a script that is running in the application or process cannot bypass the prompt for
off Internet Explorer 7 Standards Mode.
off Internet Explorer 7 Standards Mode.

intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existin
intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existin
icted site zones only Binary Representation - 10110 • 1 - Restricted Sites Zone • 0 - Internet Zone • 1 - Trusted Sites Zone • 1 - Local Intr
icted site zones only Binary Representation - 10110 • 1 - Restricted Sites Zone • 0 - Internet Zone • 1 - Trusted Sites Zone • 1 - Local Intr

mpound authentication and Kerberos armoring" must be enabled on supported systems. If the Kerberos policy setting is not enabled, Kerb

os realm mappings that are defined in the local registry, if they exist.
licy are deleted. If you do not configure this policy setting, the system uses the interoperable Kerberos V5 realm settings that are defined in

does not have KDC proxy servers settings defined by Group Policy.
encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.

le, if Hash Publication for BranchCache is enabled in domain Group Policy, hash publication is turned on for all domain member file servers
generated and retrieved. - Disabled. With this selection, both V1 and V2 hash generation and retrieval are supported. In circumstances w

on is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to

me screen without specifying a setting, clear the ""Show this screen at startup"" check box on the welcome screen.
s the legacy run list"" and the ""Do not process the run once list"" settings.
s the legacy run list"" and the ""Do not process the run once list"" settings.
ser with a roaming profile, home directory, or user object logon script logs on to a computer, computers always wait for the network to be

me screen without specifying a setting, clear the ""Show this screen at startup"" check box on the welcome screen.

ve no effect.
yees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. Employees can change the default search en
yees to use Microsoft Bing as the default search engine, you can set the string to EDGEBING. Employees can change the default search en
ur employee's devices. If you don't configure this setting, the search engine list is set to what is specified in App settings.
ur employee's devices. If you don't configure this setting, the search engine list is set to what is specified in App settings.
sole file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in does not appear. Note: If you enable this setti
file opens, but the prohibited snap-in does not appear.
file opens, but the prohibited snap-in does not appear.
file opens, but the prohibited snap-in does not appear.
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
y prohibit use of the Group Policy tab, disable this setting. If this setting is not configured (or enabled), the Group Policy tab is accessible. W
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ap-ins" is disabled or not configured, users can use any snap-in except those explicitly prohibited. To explicitly prohibit use of this snap-in, d
ffect. Changes take effect immediately. This policy setting will take effect only when MSDT is enabled. This policy setting will only take effe

ble this policy setting, the troubleshooting and recovery behavior for corrupted files will be disabled. No troubleshooting or resolution will

ants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this po
ants to change their privileges and gain permanent access to restricted files and folders. Note that the User Configuration version of this po
, when possible.
hile elevated" policy setting.

oes not prevent users from using other methods to install and upgrade programs.

s considered be enabled, even if it is explicitly disabled in the other folder.


s considered be enabled, even if it is explicitly disabled in the other folder.

m file is available, even if the user is on a different computer or is not connected to the network.

Access rules to the NRPT and resume normal DirectAccess functionality, the user clicks Connect. Note If the DirectAccess client computer

to a file that NCA checks for existence. The contents of the file do not matter. The syntax is “FILE:” followed by a UNC path. The ComputerN
ettings from being updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on th

updated on clients in the domain. When this setting is enabled, an application that relies on the ability to lock files on the SYSVOL share w
abel DNS name that exists in the Active Directory forest to which this computer is joined. If you do not configure this policy setting, it is no
rest. NetBIOS name resolution is performed on the single-label name only, in the event that DNS resolution fails. If you disable this policy s

erberos._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName> Dc SRV _ldap._tcp.dc._msdcs.<DnsDomainName> DcAtSite


e Refresh Interval of the DNS zones may result in the undesired deletion of DNS resource records. To specify the Refresh Interval of the DC

s policy setting, it is not applied to any DCs, and DCs use their local configuration.

explicitly, the Try Next Closest Site behavior is honored. If you do not configure this policy setting, Try Next Closest Site DC Location will no
e timer on the cached domain controller entries. If you enable this policy setting, DC Locator on the machine will carry out Force Rediscove
h IPv4 and IPv6 addresses, DC Locator APIs will return IPv4 address. But if the domain controller supports only IPv6 address, then DC Locat

If you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based disc

d computers use their local configuration.


the components list (above the button). The Install and Uninstall buttons appear in the properties dialog box for connections. These butto

ed button for TCP/IP configuration. Note: Nonadministrators (excluding Network Configuration Operators) do not have permission to acce

onadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting.
ers. If you do not configure this setting, only Administrators and Network Configuration Operators can delete all user remote access conne
over the "Ability to delete all user remote access connections" setting. Users cannot delete any remote access connections, and the "Abilit
Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN conn

e properties of a component, click the name of the component, and then click the Properties button beneath the component list. Note: No

led, nothing within the properties dialog box for a LAN connection is available to users. Note: Nonadministrators have the right to view the
ear in the Network Connections folder until the folder is refreshed. Note: This setting does not prevent users from using other programs, s
ernet Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network S
administrators on post-Windows 2000 computers. If you do not configure this setting, only Administrators and Network Configuration Ope
twork components have configurable properties. For components that are not configurable, the Properties button is always disabled. Note

y user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appear

e: This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections.

Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) By de

and all specified files will be available for offline use.


and all specified files will be available for offline use.
ng a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click Advanced. This setting
ng a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then click Advanced. This setting
, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, and then use the slider bar associated with the "A

he user through the user interface. The current cache state is retained, and if the cache is only partially encrypted, the operation completes
ng in Computer Configuration takes precedence over the setting in User Configuration.
ng in Computer Configuration takes precedence over the setting in User Configuration.

figure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, cli
figure this setting without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab, cli
"Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008
"Make Available Offline" command is called "Always available offline" on computers running Windows Server 2012, Windows Server 2008
reminder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline F
reminder balloons without establishing a setting, in Windows Explorer, on the Tools menu, click Folder Options, and then click the Offline F

Offline Files tab, and then select the "Synchronize all offline files before logging off" option.
Offline Files tab, and then select the "Synchronize all offline files before logging off" option.
ed, the setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To change the synchronization met
ed, the setting in Computer Configuration takes precedence over the setting in User Configuration. Tip: To change the synchronization met

paths. If you do not specify a Latency or Throughput value, computers running Windows Vista or Windows Server 2008 will not use the slow
s occupy to 25 percent of the total space on the drive where the Offline Files cache is located. The limit for automatically cached files is 10
rk Offline mode as well. If you disable or do not configure this policy setting, Windows performs a background sync of offline folders in the
ched. If you enable this policy setting, transparent caching is enabled and configurable. If you disable or do not configure this policy settin

The SSDP service must be enabled (which it is by default) for this policy to have effect.
h the cloud’s scope.

m being able to use their peer to peer applications at home. 3. In order to use a corporate seed server and the global seed server, enable th
l). The SSDP service must enabled (which it is by default) for this policy to have effect.
h the cloud’s scope.

l). The SSDP service must be enabled (which it is by default) for this policy to have effect.
h the cloud’s scope.
e Services snap-in to the Microsoft Management Console.

nt to enable BranchCache. - Enabled. With this selection, BranchCache is turned on for all client computers where the policy is applied. For
u use on individual client computers. - Enabled. With this selection, the BranchCache client computer cache setting is enabled for all client
ache on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write the enabled setting th
ed setting that you use on individual client computers where you want to enable BranchCache. - Enabled. With this selection, BranchCache
ot Configured for this domain Group Policy setting, and then configure local computer policy to enable BranchCache latency settings on ind
r performs or does not perform automatic hosted cache server discovery under the following circumstances: If no other BranchCache mod
ou specify. - Disabled. With this selection, this policy setting is not applied to client computers, and the clients run the version of BranchCa
h this policy setting is applied, in addition to the "Set BranchCache Hosted Cache mode" policy setting, use the hosted cache servers that a
election, the BranchCache client computer cache age setting is enabled for all client computers where the policy is applied. For example, if

ce restart is required for this policy to take effect: changes take effect immediately. This policy setting will only take effect when the Diagno
execution policy is not configured. No system restart or service restart is required for this policy to take effect: changes take effect immed
No system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only ta
No system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only t
lled on the computer. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Edito
lled on the computer. Note: This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Edito
setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy se
setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy se

licy, a running application must be relaunched before settings take effect.


ell" and "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon" settings in User Configuration\A
network discovery", and then click "Save changes". If you would like to not display printers of a certain type, enable this policy and set the

pon reconnecting to the server, the client will submit any pending print jobs. Note: Some printer drivers require a custom print processor. In

users can add printers using the methods described above.

net mask).
a computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. -Win
a computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated. -Win
hat are not automatically republished are never pruned. "Never" is the default. -- "Only if Print Server is found" prunes printer objects tha

g of a printer is always logged. Note: This setting is used only on domain controllers.

ed assigned (partially installed) programs that are offered on the desktop or on the Start menu. If this setting is disabled or is not configure

No system restart or service restart is required for this policy to take effect: changes take effect immediately. This policy setting will only ta
g the System Recovery Options menu, if it is available.

efault behavior for the Shutdown Event Tracker occurs. Note: By default, the Shutdown Event Tracker is only displayed on computers runni
of time that a Remote Assistance invitation created by using email or file transfer can remain open. The "Select the method for sending em
user or group one by one. When you enter the name of the helper user or user groups, use the following format: <Domain Name>\<User

em is rebooted.
error information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings
then: -- "Off" directs the RPC Runtime to generate RPC_S_SEC_PKG_ERROR if the client asks for delegation, but the created security conte
onfigure this policy setting, it will remain disabled. The idle connection timeout on the IIS server running the RPC HTTP proxy will be used.
PC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to com
8 MB of memory and is running Windows 2000 Server, Windows 2000 Advanced Server, or Windows 2000 Datacenter Server. -- "Server" d
However, if the interval is too short, prerequisite tasks might not be done, and the system can appear to be ready prematurely. If you disab
un in the following order for DesktopSales: Within GPO B: B.cmd, B.ps1 Within GPO C: C.cmd, C.ps1 Note: This policy setting determines
hin GPO C: C.cmd, C.ps1 Note: This policy setting determines the order in which user logon and logoff scripts are run within all applicable G
hin GPO C: C.cmd, C.ps1 Note: This policy setting determines the order in which user logon and logoff scripts are run within all applicable G

the Task Scheduler service is in the running state. When the service is stopped or disabled, scheduled diagnostics will not be executed. Th

nable this policy without an allow list. Create a list entry by putting a space in the name field and a space in the value field and then save it.
indows XP SP2, the essential security settings that are monitored by Security Center include firewall, antivirus, and Automatic Updates. No

Server 2008 R2, or 10 minutes in Windows Server 2012.

by the policy settings for the computer.

xe, Powerpnt.exe).
Powerpnt.exe).
e this policy setting, no filtering will take place.

the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not

ommunities key to allow only the local admin group full control. Note: It is good practice to use a cryptic community name. Note: This poli
talled on the client computer. Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
of the File menu. See the "Do not keep history of recently opened documents" setting. This policy setting also does not hide document sho

ustomize it.
ustomize it.

is available from the Start menu.

tting but do not enable the "Remove Recent Items menu from Start Menu" setting, the Recent Items menu appears on the Start menu, but
does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting.

this setting.
gon/Logoff.

from appearing next to text entry areas” policy and the “Prevent Input Panel tab from appearing” policy, and disable the “Show Input Pan
from appearing next to text entry areas” policy and the “Prevent Input Panel tab from appearing” policy, and disable the “Show Input Pan

the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable th
the cursor and which keys are tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable th
n the Input Panel Options dialog box. If you do not configure this policy, rarely used Chinese, Kanji, and Hanja characters will not be include
n the Input Panel Options dialog box. If you do not configure this policy, rarely used Chinese, Kanji, and Hanja characters will not be include
and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable t
and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. If you disable t
rough stateless address auto-configuration. If the ISATAP name is not resolved successfully, the host will have an ISATAP interface configure

6to4 interface. Policy Disabled State: 6to4 is turned off and connectivity with 6to4 will not be available.

te users can only start programs that are listed in the RemoteApp programs list when they start a Remote Desktop Services session.
puter to make Windows Aero features available for remote desktop sessions. For example, the Desktop Experience feature must be installe
onnection Broker, the Configure RD Connection Broker farm name, and the Configure RD Connection Broker server name policy settings.

s policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Config
s policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Config

Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength suppo

on Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. * SSL (TLS 1.0): The SSL m
uter will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. Important: Disabling
cate that will expire latest and that matches the current name of the RD Session Host server will be selected. If you disable or do not confi
protocol that is enabled on the client or a smart card can be used for authentication.
mended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not spe
y configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the se

op Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these co

nts\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Networ

If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level. Note: Thi
s\Set time limit for disconnected sessions" policy setting.

directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Ena
directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. If the status is set to Ena

work location. If the status is set to Enabled, Remote Desktop Services creates the user's home directory in the specified location on the lo
on the RD Session Host server and will store the user profiles locally on the RD Session Host server. If you disable or do not configure this p

aming user profile cache on the local drive. Note: This policy setting is ignored if the "Prevent Roaming Profile changes from propagating
ble this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to
L to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary R
k redirection is allowed. If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redire
mputer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used

ote Desktop Services session. Note: If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy
ote Desktop Services session. Note: If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy

strative Templates\System\Device Installation\Device Installation Restrictions policy settings.

default to the PostScript (PS) fallback printer driver. "Show both PCL and PS if one is not found" - If no suitable driver can be found, show b

ng is not specified at the Group Policy level. Notes: 1. If you enable this policy setting, you must also enable the Configure RD Connection
y setting is supported on at least Windows Server 2008 Standard.
when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directl
n active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member
erwise in local settings. Note: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy settin
erwise in local settings. Note: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy settin
Desktop Services disconnected sessions are maintained for an unlimited amount of time. Note: This policy setting appears in both Compu
Desktop Services disconnected sessions are maintained for an unlimited amount of time. Note: This policy setting appears in both Compu
dows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached
dows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached
ktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. Note: This policy setting appe
ktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. Note: This policy setting appe

he remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. No
fying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been block
ttings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored.
ttings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored.
RD Session Host server. For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide cre
tication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to
ssless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase

n if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. If you disable or do not configure t

the medium image compression settings were selected (the default behavior).

nd up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user exper

uiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on p
y running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and
horization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM. The
standard user may have before the user is not allowed to send commands requiring authorization to the TPM. The Standard User Lockout
maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring autho

tes installed by the UE-V Agent will be deleted from the computer and only the templates located in the settings template catalog will be us
an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the norm
an external synchronization engine. UE-V has no control over this synchronization. It only reads and writes the settings data when the norm
n. If you disable this policy setting, no UE-V rollback state is copied to the settings storage location. If you do not configure this policy, no U
n. If you disable this policy setting, no UE-V rollback state is copied to the settings storage location. If you do not configure this policy, no U

er, for it to have any effect, because the client computer sets the file share permissions for the roaming profile at creation time. Note: In th
er exists. If you disable or do not configure this policy setting AND the roaming profile folder exists AND the user or administrators group a
etter, but they cannot see or access its parent directories. %HOMEPATH% stores a final backslash and is included for compatibility with earli

w, the system loads the local copy of the user profile.


of the user profile without consulting the user. In Microsoft Windows Vista, the system will ignore the user choice made on the logon screen
you disable this policy setting or do not configure it, only the default folders are excluded. Note: You cannot use this policy setting to inclu
or roaming users, including the Windows Installer and Group Policy software installation data when those profiles are deleted. Note: If this
e user's profile with the roaming profile server if the maximum profile size limit specified here is exceeded.
etting and the "Only allow local user profiles" setting, roaming profiles are disabled. Note: This setting only affects roaming profile users.

f you set the number of retries to 0, the system tries just once to unload and update the user's registry settings. It does not try again. Note

not always current. Using the local copy is desirable when quick logging on is a priority. Important: If the "Do not detect slow network con
e "Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roa

ured policy setting it reads. 1. Terminal Services roaming profile path specified by Terminal Services policy 2. Terminal Services roaming pr
er with simultaneous uploads. For example, if the settings dictate that the user's registry file is to be uploaded at 6pm, it will actually uploa
onnect with network resources. If you do not configure or disable this policy the user will have full control over this setting and can turn it

out mapping the file share to a drive letter. If you disable or do not configure this policy setting, the user's home folder is configured as spe
by one or more recovery passwords and may help perform specialized recovery when the disk is damaged or corrupted. If you select the o
e to print or save recovery information to a folder. If you disable or do not configure this policy setting, the BitLocker setup wizard will pres
t order), if they are set. If none of the policies are set, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryptio

characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom m

ed to validate the complexity the password. When set to "Allow complexity" a connection to a domain controller will be attempted to valid

ation with the "Deny write access to removable drives not protected by BitLocker" policy setting to help control the use of removable drive

s means that you will not be able to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options fo

ocker. You can further configure setting options for computers with and without a TPM. If you disable or do not configure this policy setting
at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can
anization. This unlock method uses the TPM on the computer, so computers that do not have a TPM cannot create Network Key Protectors
ter (PCR) indices ranging from 0 to 23, The default platform validation profile secures the encryption key against changes to the Core Root
n is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitLocker Recovery c
Locker protection is in effect, the TPM will not release the encryption key to unlock the drive and the computer will instead display the BitL

based encryption is not available BitLocker software-based encryption will be used instead. Note: The “Choose drive encryption method an
startup key and PIN: Required/Allowed - Configure use of passwords for operating system drives.

Locker. Note: If the group policy setting "Configure TPM platform validation profile for native UEFI firmware configurations" is enabled and
which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the policy setti
ection to a domain controller is necessary when BitLocker is enabled to validate the complexity the password. When set to "Allow complex

or your organization" policy setting, the user will be prompted to update BitLocker and BitLocker To Go Reader will be deleted from the driv

ncryption is not available BitLocker software-based encryption will be used instead. Note: The “Choose drive encryption method and ciphe
to specify which recovery option to use when you turn on BitLocker, instead BitLocker recovery options for the drive are determined by the

ler is necessary when BitLocker is enabled to validate the complexity the password. When set to "Allow complexity" a connection to a dom
Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored.
ide unique identifiers for your organization" policy setting, the user will be prompted to update BitLocker and BitLocker To Go Reader will b

ased encryption is not available BitLocker software-based encryption will be used instead. Note: The “Choose drive encryption method and
k is deemed to have drifted considerably, or spiked in other words. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds. MaxAllow
ot attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary d

r a non-domain based network or a domain based network over Ethernet, and a user attempts to create a manual connection to an additio
Ethernet network, network traffic is routed through the faster Ethernet connection, and the WLAN traffic diminishes. Windows detects this
f this policy setting is not configured. No reboots or service restarts are required for this policy setting to take effect: changes take effect im
e protection” policy or the “Block at First Sight” feature will not function.

utomatically, and whether the actions were successful. Advanced membership, in addition to basic information, will send more information

GP setting.

here to this setting.

der Options to be opened from the Options button on the View tab of the ribbon" setting in User Configuration\Administrative Templates\
s to drives from My Computer" policy setting.

og box appears whenever users install programs locally on the computer. By default, users are not prompted for alternate logon credentials

e credentials" setting takes precedence over this setting. When that setting is enabled, users are not prompted for alternate logon credenti

ult, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is d
f four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Pol
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p
thumbnails from OpenSearch query results in this zone using File Explorer. If you disable this policy setting, users will be prevented from p

the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not
n, remove the current definition from the list and add a new one with different parameters. To allow administrators to add programs to the

unsolicited incoming messages. In the Windows Defender Firewall component of Control Panel, the "Block all incoming connections" chec
Defender Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other poli
list of message types that you had enabled. If you do not configure this policy setting, Windows Defender Firewall behaves as if you had d
ds information, then upon disabling this policy setting, Windows Defender Firewall leaves the log file intact. If you do not configure this po

cy setting. If you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings can continu

ssages are allowed. If you disable or do not configure this policy setting, Windows Defender Firewall does not open TCP port 135 or 445. A
the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings to open the port. In the Windows

u do not configure this policy setting, Windows Defender Firewall does not open these ports. Therefore, the computer cannot receive Plug
n, remove the current definition from the list and add a new one with different parameters. To allow administrators to add programs to the

unsolicited incoming messages. In the Windows Defender Firewall component of Control Panel, the "Block all incoming connections" chec
Defender Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other poli
list of message types that you had enabled. If you do not configure this policy setting, Windows Defender Firewall behaves as if you had d
ds information, then upon disabling this policy setting, Windows Defender Firewall leaves the log file intact. If you do not configure this po

cy setting. If you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings can continu

ssages are allowed. If you disable or do not configure this policy setting, Windows Defender Firewall does not open TCP port 135 or 445. A
the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings to open the port. In the Windows

u do not configure this policy setting, Windows Defender Firewall does not open these ports. Therefore, the computer cannot receive Plug
e the HTTP proxy settings.

nabled, the entire Network tab is hidden. If you do not configure this policy setting, users can select the protocols to use on the Network t

ter ranges. You should use an asterisk (*) to indicate that the service listens on all available IP addresses on the computer. When * is used,

ndows XP Service Pack 1 or the update to Automatic Updates that was released after Windows XP was originally shipped, then you should
the inability to detect updates will be shown. The notification options are not supported. Notifications on the login screen will always show
Automatically download updates and install them on the schedule specified below. Specify the schedule using the options in the Group Po
hat end users in your organization don't have to go through a firewall to get updates, and it gives you the opportunity to test updates befor

Vista: If you enable this policy setting, users will not see a User Account Control window and do not need elevated permissions to do eithe

users will not be offered detailed notification messages for optional applications, and Windows Vista users will not be offered detailed notifi

ners and customer believe that the release is ready for broad deployment. When selecting a Preview Build: - You can defer receiving Previ

wing policies are configured, this policy has no effect: 1. No auto-restart with logged on users for scheduled automatic updates installation

onal level. If you disable or do not configure this setting, messages about the previous logon or logon failures are not displayed.
choose to enable or disable either "Connect to suggested open hotspots" or "Connect to networks shared by my contacts".

Work Folders is stored in the "%USERPROFILE%\Work Folders" folder. If this option is not specified, users must use the Work Folders Control

app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be app
page" setting is enabled, this setting is ignored.

ng is ignored.

ult. If that value is non-0, this prevents all 16-bit applications from running. If that value is 0, 16-bit applications are allowed to run. If that v

pplications they are using. It is particularly useful for a web server where applications may be launched several hundred times a second, an

r the policy changes to be applied to the app.

lied to the app.


o be applied to the app.

applied to the app.


Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be applied to the app.

applied to the app.


applied to the app.
an app is open when this Group Policy object is applied on a device, employees must restart the app or device for the policy changes to be

This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission fai
e used for that purpose. Consider using this setting to prevent BITS transfers from competing for network bandwidth when the client comp

hing feature will be disabled, and BITS will download files directly from the origin server.

ere) 0x1 - The cost is unknown or the connection is unlimited and is considered to be unrestricted of usage charges and capacity constrain

n image using the "Force a specific default lock screen image" policy. Note: This policy is only available for Enterprise SKUs
number should be entered, for example @systemcpl.dll,-1 for System, or @themecpl.dll,-1 for Personalization. A complete list of canonical

cpl.dll,-1 for System or @themecpl.dll,-1 for Personalization. A complete list of canonical and module names of Control Panel items can be
ective URIs are ms-settings:about and ms-settings:bluetooth) and all other pages hidden: showonly:about;bluetooth Example: to specify t
orkgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a passwo

esources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Deskt
machines in .humanresources.fabrikam.com
e TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Sessio
kam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remot
urces.fabrikam.com machine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.c
character is permitted when specifying the SPN. For Example: TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Ho
ntials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow del
dentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard characters in the "Allow
egating saved credentials" policy setting to define exceptions for specific servers that are otherwise permitted when using wildcard charac
sufficient to deny delegation in Credential Security Support Provider (CredSSP) by modifying Administrative template settings (located at Co
lem with the device. Windows 10 diagnostics data settings applies to the Windows operating system and apps included with Windows. Th
lem with the device. Windows 10 diagnostics data settings applies to the Windows operating system and apps included with Windows. Th

the appid exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used. If you do not c
e child folders of Computer. For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even

onfiguration persisted in UEFI. The "Enabled without lock" option allows Virtualization Based Protection of Code Integrity to be disabled

r policy settings" policy setting determines whether the device can be installed.

scribed by other policy settings" policy setting determines whether the device can be installed.
he Services snap-in to the Microsoft Management Console. Note: For Windows Server systems, this policy setting applies only if the Deskt

s the physical space on the volume as the quota limit.


applies to all users on all volumes, regardless of actual volume size. Be sure to set the limit and warning level so that it is reasonable for th
ote: To find the logging option, in My Computer, right-click the name of an NTFS file system volume, click Properties, and then click the Quo

bled. Important: This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled. If you disable this policy se

error will be recorded in Event Viewer.


nterval that you specify will be applied to all network connections used by computers that receive this policy setting. If you disable this pol

alues are used in the order they appear in the string, starting with the leftmost value and proceeding to the right until a query is successful

mary DNS suffix, as specified on the Computer Name tab of the System control panel. Each connection-specific DNS suffix, assigned either
when it sends DNS queries: The primary DNS suffix, as specified on the Computer Name tab of the System control panel. Each connection

setting, suffixes are allowed to be appended to an unqualified multi-label name if the original name query fails. If you disable this policy se
ction application does not include an Early Launch Antimalware boot-start driver or if your Early Launch Antimalware boot-start driver has

rosoft websites. - ""Do not collect additional files"": Select this option if you do not want additional files to be collected and included in err

oft applications or parts of Windows if the check boxes for these categories are filled in the Default application reporting settings policy setti
rrors in Microsoft applications or Report all errors in Windows components check boxes in the Default Application Reporting policy setting
only send reports at the time that a problem occurs.
em notifications that remind the user to check for solutions to problems. A value of 0 disables the reminder. If you disable or do not config
for consent to send any additional data requested by Microsoft. - 4 (Send all data): Any data requested by Microsoft is sent automatically.
for consent to send any additional data requested by Microsoft. - 4 (Send all data): Any data requested by Microsoft is sent automatically.

etting: Always ask before sending data.


etting: Always ask before sending data.

e settings in the XML file will be applied to the endpoint. Disabled Common settings will not be applied, and the locally configured setting
ng, the recovery behavior for corrupted files will be set to the regular recovery behavior. No system or service restarts are required for cha
evocation applies to all content protected under the same second level domain as the provided enterprise identifier. So, revoking an enterp

folders available offline".

tting on a per-user basis, make sure that you do not configure the per-machine policy setting.
tting on a per-user basis, make sure that you do not configure the per-machine policy setting.

nfigured at the computer level, restrictions are based on per-user policies.


nfigured at the computer level, restrictions are based on per-user policies.
ning is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if han
ning is turned on. Users cannot configure this policy setting in Control Panel. Collected data is only used for handwriting recognition, if han

chnique. PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100) The force Address Space Lay


chnique. PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100) The force Address Space Lay

ill wait for a response from the domain controller before determining that there is no network connectivity. This stops the current Group P
Policy will wait for a response from the domain controller before determining that there is no network connectivity. This stops the current G

e network connection as a fast link and process all client side extensions. If you disable this setting or do not configure it, Group Policy wil
the network at computer startup and logon" is enabled. If you disable or do not configure this policy setting, detecting a slow network co

y that they are updated only when changed. However, you might want to update unchanged policy settings, such as reapplying a desired p
d" option updates and reapplies the policies even if the policies have not changed. Many policy implementations specify that they are upd
plies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. Ho
when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has changed it.
e Group Policy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy imp
olicy objects have not changed" option updates and reapplies the policies even if the policies have not changed. Many policy implementatio

s have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update u

reapplies the policies even if the policies have not changed. Many policy implementations specify that they are updated only when change
s the policies even if the policies have not changed. Many policy implementations specify that they are updated only when changed. Howe
e a blue icon.

guration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder. Also, see the "Do not det
guration folder. The setting in User Configuration defines a slow link for settings in the User Configuration folder. Also, see the "Do not det
ries. To prevent clients with the same update interval from requesting updates simultaneously, the system varies the update interval for ea
for each controller by a random number of minutes. The number you type in the random time box sets the upper limit for the range of var
al from requesting updates simultaneously, the system varies the update interval for each client by a random number of minutes. The numb

not configure this setting, the Group Policy Object Editor snap-in always loads all ADM files from the actual GPO. Note: If the ADMs that yo

er's Group Policy Objects determines which user settings apply. Note: This setting is effective only when both the computer account and th

e not changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implement
y tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a p
have not changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implem
ery tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a
" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify
erform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Pla
not changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementa
acing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path
up Policy objects have not changed" option updates and reapplies the preference items even if the preference items have not changed. Ma
ry tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a
updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify that they
cing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Planning trac
m restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if th
ng query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must prov
option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specify t
form tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Plan
d" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specif
rform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Pla
not changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementati
perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "P
rocess even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the preference items
t applicable. 3. Group Policy Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group
start. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the pr
Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you mu
objects have not changed" option updates and reapplies the preference items even if the preference items have not changed. Many polic
eling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must p
The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the preference
g query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must prov
ystem restart. 3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even
erform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Pla
olicy objects have not changed" option updates and reapplies the preference items even if the preference items have not changed. Many p
Modeling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you mu
ged" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations spec
perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "Pl
3. The "Process even if the Group Policy objects have not changed" option updates and reapplies the preference items even if the prefere
deling query tracing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must
d" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations specif
perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in the "P
anged" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementations sp
To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path in th
not changed" option updates and reapplies the preference items even if the preference items have not changed. Many policy implementa
acing: To perform tracing for items in this preference extension when you perform a Group Policy Modeling query, you must provide a path

his policy setting, you permit use of preference extensions under Control Panel Settings for Computer Configuration unless restricted by the

you permit use of preference extensions under Control Panel Settings for User Configuration unless restricted by the "Restrict users to the

le. The "WinHelp" command is used to add a link to a Help topic, and runs a WinHLP32.exe Help (.hlp) file. To disallow the "Shortcut" and
un ActiveX Controls and Plug-ins area, click Administrator Approved.
to disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode. If you disable or do not configur
to disable Enhanced Protected Mode. All Protected Mode websites will run in Enhanced Protected Mode. If you disable or do not configur
cify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user t
cify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user t
not change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for mo
not change its state through Add-on Manager (unless its value has been set to allow user management - see the 'Add-on List' policy for mo

n the Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless "All Processes" is
n the Internet Explorer processes will not be affected by add-on management user preferences or policy settings (unless "All Processes" is
e precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed.
e precedence over that setting. If you disable or do not configure this policy setting, the security feature is allowed.

t configure this policy setting, the security feature is allowed.


t configure this policy setting, the security feature is allowed.
s unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explore
s unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explore
set to the default. The user can change this value by using the registry key. Note: On Terminal Server, the default value is the integer “1”.
set to the default. The user can change this value by using the registry key. Note: On Terminal Server, the default value is the integer “1”.
t configure this policy setting, logon is set to Automatic logon only in Intranet zone.
t configure this policy setting, logon is set to Automatic logon only in Intranet zone.
t configure this policy setting, logon is set to Automatic logon only in Intranet zone.
t configure this policy setting, logon is set to Automatic logon only in Intranet zone.
t configure this policy setting, logon is set to Automatic logon only in Intranet zone.
t configure this policy setting, logon is set to Automatic logon only in Intranet zone.
t configure this policy setting, logon is set to Automatic logon only in Intranet zone.
t configure this policy setting, logon is set to Automatic logon only in Intranet zone.
t configure this policy setting, logon is set to Automatic logon with current username and password.
t configure this policy setting, logon is set to Automatic logon with current username and password.
t configure this policy setting, logon is set to Automatic logon with current username and password.
t configure this policy setting, logon is set to Automatic logon with current username and password.
t configure this policy setting, logon is set to Prompt for username and password.
t configure this policy setting, logon is set to Prompt for username and password.
t configure this policy setting, logon is set to Prompt for username and password.
t configure this policy setting, logon is set to Prompt for username and password.
domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the
domain name for other sites. The valuename may also include a specific protocol. For example, if you enter http://www.contoso.com as the
t configure this policy setting, logon is set to Automatic logon with current username and password.
t configure this policy setting, logon is set to Automatic logon with current username and password.
t configure this policy setting, logon is set to Automatic logon with current username and password.
t configure this policy setting, logon is set to Automatic logon with current username and password.
ss cannot bypass the prompt for delete, copy, or paste operations from the Clipboard. If you do not configure this policy setting, current va
ss cannot bypass the prompt for delete, copy, or paste operations from the Clipboard. If you do not configure this policy setting, current va
eatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This o
eatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This o
usted Sites Zone • 1 - Local Intranet Zone • 0 - Local Machine Zone
usted Sites Zone • 1 - Local Intranet Zone • 0 - Local Machine Zone

olicy setting is not enabled, Kerberos authentication messages will not use these features. If you configure "Supported", the domain contr

realm settings that are defined in the local registry, if they exist.
r all domain member file servers to which the policy is applied. The file servers are then able to create content information for all content th
e supported. In circumstances where this setting is enabled, you can also select and configure the following option: Hash version supporte

ons and configuring file servers to require authenticated access."

ways wait for the network to be initialized before logging the user on. If a user has never logged on to this computer before, computers alw
an change the default search engine at any time, unless you disable the "Allow search engine customization" setting, which restricts any ch
an change the default search engine at any time, unless you disable the "Allow search engine customization" setting, which restricts any ch
n App settings.
n App settings.
ear. Note: If you enable this setting, and you do not enable any settings in the Restricted/Permitted snap-ins folder, users cannot use any M

itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
Group Policy tab is accessible. When the Group Policy tab is inaccessible, it does not appear in the site, domain, or organizational unit pro
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
itly prohibit use of this snap-in, disable this policy setting. If this policy setting is not configured or enabled, the snap-in is permitted. When
s policy setting will only take effect when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disable

oubleshooting or resolution will be attempted. If you do not configure this policy setting, the recovery behavior for corrupted files will be s

r Configuration version of this policy setting is not guaranteed to be secure.


r Configuration version of this policy setting is not guaranteed to be secure.

he DirectAccess client computer is on the intranet and has correctly determined its network location, the Disconnect option has no effect b

d by a UNC path. The ComputerName portion of the UNC path must resolve to an IPv6 address or contain an IPv6 address. Examples: FILE:\
s on the ability to lock files on the Netlogon share with only read permission will be able to deny Group Policy clients from reading the files

lock files on the SYSVOL share with only read permission will be able to deny Group Policy clients from reading the files, and in general the
nfigure this policy setting, it is not applied to any computers, and computers use their local configuration.
n fails. If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is not enabled, computers to which this policy is appl

nsDomainName> DcAtSite SRV _ldap._tcp.<SiteName>._sites.dc._msdcs.<DnsDomainName> Rfc1510Kdc SRV _kerberos._tcp.<


fy the Refresh Interval of the DC records, click Enabled, and then enter a value larger than 1800. This value specifies the Refresh Interval of

t Closest Site DC Location will not be used by default for the machine. If the DS_TRY_NEXTCLOSEST_SITE flag is used explicitly, the Next Clo
ne will carry out Force Rediscovery periodically according to the configured time interval. The minimum time interval is 3600 seconds (1 ho
only IPv6 address, then DC Locator APIs will fail. If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv6 DC addres

mechanism when DNS based discovery fails.

box for connections. These buttons are on the General tab for LAN connections and on the Networking tab for remote access connections.

do not have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting. Tip: To open the Advance

rdless of this setting.


ete all user remote access connections. Important: When enabled, the "Prohibit deletion of remote access connections" setting takes prec
cess connections, and the "Ability to delete all user remote access connections" setting is ignored. Note: LAN connections are created and
cess to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an

ath the component list. Note: Not all network components have configurable properties. For components that are not configurable, the Pr

trators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.
ers from using other programs, such as Internet Explorer, to bypass this setting.
nnection Wizard. The Network Setup Wizard is disabled. Note: If you enable the "Windows Firewall: Protect all network connections" polic
s and Network Configuration Operators can change properties of all-user remote access connections. Note: This setting takes precedence o
button is always disabled. Note: When the "Ability to change properties of an all user remote access connection" or "Prohibit changing pr

e connection, Properties appears on the File menu. Note: This setting takes precedence over settings that manipulate the availability of fea

mote access connections.

Windows XP Professional.) By default, ICS is disabled when you create a remote access connection, but administrators can use the Advance

hen click Advanced. This setting corresponds to the settings in the "Exception list" section.
hen click Advanced. This setting corresponds to the settings in the "Exception list" section.
slider bar associated with the "Amount of disk space to use for temporary offline files" option.

rypted, the operation completes so that it is fully encrypted. The cache does not return to the unencrypted state. The user must be an adm

ons, click the Offline Files tab, click Advanced, and then select an option in the "When a network connection is lost" section. Also, see the "
ons, click the Offline Files tab, click Advanced, and then select an option in the "When a network connection is lost" section. Also, see the "
ver 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista. This policy setting does not preven
ver 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista. This policy setting does not preven
tions, and then click the Offline Files tab. This setting corresponds to the "Enable reminders" check box.
tions, and then click the Offline Files tab. This setting corresponds to the "Enable reminders" check box.

change the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offlin
change the synchronization method without setting a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offlin

Server 2008 will not use the slow-link mode. If you do not configure this policy setting, computers running Windows Vista or Windows Ser
r automatically cached files is 100 percent of the total disk space limit. However, the users can change these values using the Offline Files c
ound sync of offline folders in the slow-link mode at a default interval with the start of the sync varying between 0 and 60 additional minute
o not configure this policy setting, remote files will be not be transparently cached on client computers.

the global seed server, enable the setting; insert the fully qualified domain name or IPv6 address of the corporate seed server, leave the ch
s where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache is turned on for all domain membe
he setting is enabled for all client computers where the policy is applied. For example, if Set percentage of disk space used for client compu
over-write the enabled setting that you use on individual client computers where you want to enable BranchCache. - Enabled. With this se
With this selection, BranchCache distributed cache mode is enabled for all client computers where the policy is applied. For example, if thi
nchCache latency settings on individual client computers. Because the domain Group Policy setting is not configured, it will not over-write t
es: If no other BranchCache mode-based policy settings are applied, the client computer performs automatic hosted cache server discovery
ents run the version of BranchCache that is included with their operating system. In circumstances where this setting is enabled, you can al
the hosted cache servers that are specified in this policy setting and do not use the hosted cache server that is configured in the policy setti
policy is applied. For example, if this policy setting is enabled in domain Group Policy, the BranchCache client computer cache age that you

only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios wil
ffect: changes take effect immediately. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. Wh
y. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disable
ely. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disabl
uration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
uration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
omputer Configuration policy setting takes precedence over the User Configuration policy setting.
omputer Configuration policy setting takes precedence over the User Configuration policy setting.

" settings in User Configuration\Administrative Templates\Windows Components\Windows Explorer, and by the "Enable Active Desktop" se
e, enable this policy and set the number of printers to display to 0. In Windows 10 and later, only TCP/IP printers can be shown in the wiza

quire a custom print processor. In some cases the custom print processor may not be installed on the client machine, such as when the prin

iver needs to be updated. -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their
iver needs to be updated. -Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their
ound" prunes printer objects that are not automatically republished only when the print server responds, but the printer is unavailable. --

tting is disabled or is not configured, the "Install a program from the network" task to the "Get Programs" page will be available to all users.

ely. This policy setting will only take effect when the Diagnostic Policy Service is in the running state. When the service is stopped or disable

ly displayed on computers running Windows Server.


elect the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depen
ormat: <Domain Name>\<User Name> or <Domain Name>\<Group Name> If you enable this policy setting, you should also enable firew

ust begin with one of the strings in the Extended Error Information Exception field. -- "Off with Exceptions" disables extended error inform
n, but the created security context does not support delegation. -- "On" directs the RPC Runtime to accept security contexts that do not su
he RPC HTTP proxy will be used. If you enable this policy setting, and the IIS server running the RPC HTTP proxy is configured with a lower
ent if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be a
Datacenter Server. -- "Server" directs RPC to maintain basic state information on the computer, regardless of its capacity. -- "Full" directs
ready prematurely. If you disable or do not configure this setting the system lets the combined set of scripts run for up to 600 seconds (10
: This policy setting determines the order in which computer startup and shutdown scripts are run within all applicable GPOs. You can over
pts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the fo
pts are run within all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the fo

nostics will not be executed. The Task Scheduler service can be configured with the Services snap-in to the Microsoft Management Consol

the value field and then save it. This will create a placeholder entry that is ignored by the program.
rus, and Automatic Updates. Note that Security Center might not be available following a change to this policy setting until after the comp
p anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. If you disable this policy, Sma

ommunity name. Note: This policy setting has no effect if the SNMP agent is not installed on the client computer. Also, see the other two S
nd "Specify Community Name".
lso does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. This polic

appears on the Start menu, but it is empty. If you enable this setting, but then later disable it or set it to Not Configured, the document sh
ecent files" setting.
and disable the “Show Input Panel taskbar icon” policy, the user will then have no way to access Input Panel.
and disable the “Show Input Panel taskbar icon” policy, the user will then have no way to access Input Panel.

tions dialog box. If you enable this policy and choose “Medium” from the drop-down box, password security is set to “Medium.” At this se
tions dialog box. If you enable this policy and choose “Medium” from the drop-down box, password security is set to “Medium.” At this se
nja characters will not be included in recognition results when handwriting is converted to typed text. Users will be able to configure this se
nja characters will not be included in recognition results when handwriting is converted to typed text. Users will be able to configure this se
tions dialog box. If you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out ges
tions dialog box. If you disable this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch-out ges
ve an ISATAP interface configured with a link-local address. Policy Disabled State: No ISATAP interfaces are present on the host.

Desktop Services session.


perience feature must be installed on the remote computer, and the maximum color depth on the remote computer must be set to 32 bits
er server name policy settings.

configured, the Computer Configuration policy setting takes precedence.


configured, the Computer Configuration policy setting takes precedence.

he maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-b

nded. * SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the c
by default. Important: Disabling this policy setting provides less security because user authentication will occur later in the remote connecti
d. If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-si

" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the
ernate RD Gateway server, the server that you specify in this policy setting is used by default. Note: If you disable or do not configure this p

ormat is always used for these connections. 3.For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier

ote connections by using Network Level Authentication. You can limit the number of users who can connect simultaneously by configuring

he Group Policy level. Note: This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Rem

ssage. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Wo
ssage. If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Wo

n the specified location on the local computer or the network. The home directory path for each user is the specified Home Dir Root Path a
isable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profil

ofile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\
nts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.
eady been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Ho
ed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. If you do not configure this policy se
udio playback quality will be used. Audio playback quality can be configured on the client computer by using the audioqualitymode setting

, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.
, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored.

able driver can be found, show both PS and PCL-based fallback printer drivers. If you disable this policy setting, the RD Session Host server

ble the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. 2. For Windows Serv
ou do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. If you do not configure this
in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Ses
e administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting app
e administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting app
y setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuratio
y setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuratio
on when time limits are reached. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy s
on when time limits are reached. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy s
d. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Com
d. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Com

publisher has been blocked. Note: You can define this policy setting in the Computer Configuration node or in the User Configuration nod
hat the publisher has been blocked. Note: You can define this policy setting in the Computer Configuration node or in the User Configurati

e terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be pr
lient establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.
g results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. If you d

ou disable or do not configure this policy setting, the default RDP compression algorithm will be used.

ously try to adapt the user experience to varying network quality.

narios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TP
nforce or ignore the default and local lists of blocked TPM commands.
g authorization to the TPM. The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all sta
TPM. The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have b
send commands requiring authorization to the TPM. This value is the maximum total number of authorization failures all standard users m

ttings template catalog will be used. If you disable this policy setting, the UE-V Agent will not use the custom settings location templates. If
the settings data when the normal UE-V triggers take place. With notifications enabled, UE-V users receive a message when the settings sy
the settings data when the normal UE-V triggers take place. With notifications enabled, UE-V users receive a message when the settings sy
do not configure this policy, no UE-V rollback state is copied to the settings storage location.
do not configure this policy, no UE-V rollback state is copied to the settings storage location.

file at creation time. Note: In the default case, administrators have no file access to the user's profile, but they may still take ownership of
e user or administrators group are not the owner of the folder, Windows will not copy files to or from the roaming folder. The user will be s
uded for compatibility with earlier systems.

choice made on the logon screen. Note: This policy setting and related policy settings in this folder define the system's response when roa
ot use this policy setting to include the default folders in a roaming user profile.
profiles are deleted. Note: If this policy setting is enabled for a machine, local administrator action is required to remove the Windows Inst

affects roaming profile users.

ttings. It does not try again. Note: This policy setting is particularly important to servers running Remote Desktop Services. Because Remote

Do not detect slow network connections" policy setting is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roam
the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the syste

2. Terminal Services roaming profile path specified by the user object 3. A per-computer roaming profile path specified in this policy 4. A
ded at 6pm, it will actually upload at a random time between 6pm and 7pm. Note: If "Run at set interval" is selected, the "Time of day" op
l over this setting and can turn it off and on. Selecting this option may have a negative impact on certain enterprise software and/or line of

home folder is configured as specified in the user's Active Directory Domain Services account. If the "Set Remote Desktop Services User Ho
or corrupted. If you select the option to "Require BitLocker backup to AD DS" BitLocker cannot be turned on unless the computer is conne
e BitLocker setup wizard will present users with ways to store recovery options. Note: If Trusted Platform Module (TPM) initialization is nee
XTS-AES 128-bit or the encryption method specified by the setup script.”

aracters you use for the custom message or URL appear correctly on the pre-boot recovery screen.

troller will be attempted to validate the complexity adheres to the rules set by the policy, but if no domain controllers are found the passw

ntrol the use of removable drives in your organization. It is a comma separated list of identification fields from your organization or other e

ad BitLocker recovery options for the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Director

o not configure this policy setting, the BitLocker setup wizard will display basic steps that allow users to turn on BitLocker on computers wit
TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit person
ot create Network Key Protectors to automatically unlock with Network Unlock. If you disable or do not configure this policy setting, BitLoc
gainst changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), th
display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlock the drive. If y
puter will instead display the BitLocker Recovery console and require that either the recovery password or recovery key be provided to unlo

oose drive encryption method and cipher strength” policy setting does not apply to hardware-based encryption. The encryption algorithm

e configurations" is enabled and has PCR 7 omitted, Bitlocker will be prevented from using Secure Boot for platform or Boot Configuration D
re determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services" choose which BitLocker
rd. When set to "Allow complexity" a connection to a domain controller will be attempted to validate the complexity adheres to the rules s

der will be deleted from the drive. In this situation, for the fixed drive to be unlocked on computers running Windows Server 2008, Window

ve encryption method and cipher strength” policy setting does not apply to hardware-based encryption. The encryption algorithm used by
r the drive are determined by the policy setting. In "Save BitLocker recovery information to Active Directory Domain Services" choose whic

mplexity" a connection to a domain controller will be attempted to validate the complexity adheres to the rules set by the policy, but if no

nd BitLocker To Go Reader will be deleted from the drive. In this situation, for the removable drive to be unlocked on computers running W

ose drive encryption method and cipher strength” policy setting does not apply to hardware-based encryption. The encryption algorithm us
nits (ns) or 5 seconds. MaxAllowedPhaseOffset If a response is received that has a time variation that is larger than this parameter value,
puters that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization par

manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manu
iminishes. Windows detects this circumstance and responds by disconnecting the WLAN connection. If this policy setting is disabled, multi
ake effect: changes take effect immediately.
ation, will send more information to Microsoft about malicious software, spyware, and potentially unwanted software, including the locatio

ation\Administrative Templates\Windows Components\File Explorer.


ed for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credential

pted for alternate logon credentials on any installation.

Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider"
nless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disab
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer
g, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer

p anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. If you disable this policy, Sma
nistrators to add programs to the local program exceptions list that is defined by the Windows Defender Firewall component in Control Pan

k all incoming connections" check box is cleared by default, but administrators can change it.
an administrator uses other policy settings to open the required ports. In the Windows Defender Firewall component of Control Panel, the
Firewall behaves as if you had disabled it. Note: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound echo
. If you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled.

other policy settings can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the "Wind

not open TCP port 135 or 445. Also, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, Windows D
o open the port. In the Windows Defender Firewall component of Control Panel, the "Remote Desktop" check box is cleared. Administrator

e computer cannot receive Plug and Play messages unless an administrator uses other policy settings to open the required ports or enable
nistrators to add programs to the local program exceptions list that is defined by the Windows Defender Firewall component in Control Pan

k all incoming connections" check box is cleared by default, but administrators can change it.
an administrator uses other policy settings to open the required ports. In the Windows Defender Firewall component of Control Panel, the
Firewall behaves as if you had disabled it. Note: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound echo
. If you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled.

other policy settings can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the "Wind

not open TCP port 135 or 445. Also, on Windows XP Professional with at least SP2 and Windows Server 2003 with at least SP1, Windows D
o open the port. In the Windows Defender Firewall component of Control Panel, the "Remote Desktop" check box is cleared. Administrator

e computer cannot receive Plug and Play messages unless an administrator uses other policy settings to open the required ports or enable
otocols to use on the Network tab. If you disable this policy setting, the Protocols for MMS URLs and Multicast streams areas of the Netwo

n the computer. When * is used, other ranges in the filter are ignored. If the filter is left blank, the service does not listen on any addresses.

inally shipped, then you should use the new Automatic Updates settings located at: 'Computer Configuration / Administrative Templates /
the login screen will always show up.
sing the options in the Group Policy Setting. If no schedule is specified, the default schedule for all installations will be every day at 3:00 AM
opportunity to test updates before deploying them. If the status is set to Disabled or Not Configured, and if Automatic Updates is not disab

elevated permissions to do either of these tasks. If you do not enable this policy setting, then users will always see an Account Control wind

will not be offered detailed notification messages for optional applications or updates. By default, this policy setting is disabled. If you are

: - You can defer receiving Preview Builds for up to 14 days. - To prevent Preview Builds from being received on their scheduled time, you c

d automatic updates installations 2. Always automatically restart at scheduled time 3. Specify deadline before auto-restart for update inst

ures are not displayed.


d by my contacts".

ust use the Work Folders Control Panel item on their computers to set up Work Folders. If this policy setting is disabled or not configured,

for the policy changes to be applied to the app.


tions are allowed to run. If that value is also not present, on Windows 10 and above the OS will launch the 16-bit application support contr

veral hundred times a second, and the performance of the loader is essential. NOTE: Many system processes cache the value of this setting

es to be applied to the app.


vice for the policy changes to be applied to the app.

void permanent transmission failures when the log has reached a significant size. The default value is 65536. When transmitting report da
bandwidth when the client computer has a fast network card (10Mbs), but is connected to the network via a slow link (56Kbs).

e charges and capacity constraints. 0x2 - The usage of this connection is unrestricted up to a certain data limit 0x4 - The usage of this conn

Enterprise SKUs
tion. A complete list of canonical and module names can be found in MSDN by searching "Control Panel items". If both the "Hide specified

es of Control Panel items can be found in MSDN by searching "Control Panel items". If both the "Hide specified Control Panel items" setting
bluetooth Example: to specify that only the Bluetooth page (which has URI ms-settings:bluetooth) should be hidden: hide:bluetooth
screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect

hine TERMSRV/* Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Ses

am.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com


nresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
RV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine TERMSRV/* Remote Desktop Session Host ru
card characters in the "Allow delegating default credentials" server list.
wildcard characters in the "Allow delegating fresh credentials" server list.
tted when using wildcard characters in the "Allow delegating saved credentials" server list.
e template settings (located at Computer Configuration\Administrative Templates\System\Credentials Delegation). Note: On Windows 8.1 a
apps included with Windows. This setting does not apply to third party apps running on Windows 10. If you disable or do not configure thi
apps included with Windows. This setting does not apply to third party apps running on Windows 10. If you disable or do not configure thi

nistrators is used. If you do not configure this policy setting, the appid exemption list defined by local computer administrators is used. Not
their folders and files there, even if this setting is enabled.

of Code Integrity to be disabled remotely by using Group Policy. The "Not Configured" option leaves the policy setting undefined. Group Po
setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed.

vel so that it is reasonable for the range of volumes in the group. This policy setting is effective only when disk quota management is enabl
roperties, and then click the Quota tab.

bled. If you disable this policy setting, or if you do not configure this policy setting, a DNS client computer will not register any A and PTR re

cy setting. If you disable this policy setting, or if you do not configure this policy setting, computers will use the local or DHCP supplied setti

e right until a query is successful or all suffixes are tried. If you disable this policy setting, or if you do not configure this policy setting, the p

ecific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on the DNS tab in the Advanced TCP/IP
control panel. Each connection-specific DNS suffix, assigned either through DHCP or specified in the DNS suffix for this connection box on

fails. If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails. If
ntimalware boot-start driver has been disabled, this setting has no effect and all boot-start drivers are initialized.

o be collected and included in error reports. - ""Do not collect additional computer data"": Select this if you do not want additional informa

tion reporting settings policy setting. If you disable or do not configure this policy setting, the Default application reporting settings policy s
plication Reporting policy setting are filled, Windows Error Reporting reports errors as if all applications in these categories were added to t
r. If you disable or do not configure this policy setting, Windows Error Reporting reports are not queued, and users can only send reports a
Microsoft is sent automatically. If you disable or do not configure this policy setting, then the default consent settings that are applied are
Microsoft is sent automatically. If you disable or do not configure this policy setting, then the default consent settings that are applied are

nd the locally configured settings will be used instead. Not configured Same as Disabled.
vice restarts are required for changes to this policy to take immediate effect after a Group Policy refresh. Note: This policy setting will take
identifier. So, revoking an enterprise ID of mail.contoso.com will revoke the user’s access to all content protected under the contoso.com h
r handwriting recognition, if handwriting personalization is turned on. If you do not configure this policy, users can choose to enable or dis
r handwriting recognition, if handwriting personalization is turned on. If you do not configure this policy, users can choose to enable or dis

00) The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that are not dynamic base compatible by acting a
00) The force Address Space Layout Randomization (ASLR) policy forcibly rebases images that are not dynamic base compatible by acting a

y. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain controlle
nectivity. This stops the current Group Policy processing. Group Policy will run in the background the next time a connection to a domain co

not configure it, Group Policy will evaluate the network connection as a slow link and process only those client side extensions configured t
tting, detecting a slow network connection will not affect whether Group Policy processing will be synchronous or asynchronous.

s, such as reapplying a desired policies in case a user has changed it.


ations specify that they are updated only when changed. However, you might want to update unchanged policies, such as reapplying a des
updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user h
ng in case a user has changed it.
ve not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unch
nged. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged poli

ever, you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.

y are updated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a u
dated only when changed. However, you might want to update unchanged policies, such as reapplying a desired setting in case a user has c
older. Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\S
older. Also, see the "Do not detect slow network connections" and related policies in Computer Configuration\Administrative Templates\S
varies the update interval for each client by a random number of minutes. The number you type in the random time box sets the upper lim
e upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large
m number of minutes. The number you type in the random time box sets the upper limit for the range of variance. For example, if you type

GPO. Note: If the ADMs that you require are not all available locally in your %windir%\inf directory, you might not be able to see all the se

oth the computer account and the user account are in at least Windows 2000 domains.

hanged. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged p
ling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer
ot changed. Many policy implementations specify that they are updated only when changed. However, you might want to update unchang
deling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the compute
policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference item
u must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run
anged. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged pr
g query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer wh
nce items have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to
deling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the compute
plementations specify that they are updated only when changed. However, you might want to update unchanged preference items, such a
ovide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run modelin
s the preference items even if the preference items have not changed. Many policy implementations specify that they are updated only wh
y Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the com
policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference item
must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run
ny policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference ite
must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run
nged. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged pre
ou must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you ru
ms even if the preference items have not changed. Many policy implementations specify that they are updated only when changed. Howev
sion when you perform a Group Policy Modeling query, you must provide a path in the "Planning trace" box to the location where a plannin
e preference items even if the preference items have not changed. Many policy implementations specify that they are updated only when c
p Policy Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on
s have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to update
olicy Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the
nce items even if the preference items have not changed. Many policy implementations specify that they are updated only when changed.
y Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the com
pplies the preference items even if the preference items have not changed. Many policy implementations specify that they are updated onl
u must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you run
tems have not changed. Many policy implementations specify that they are updated only when changed. However, you might want to upd
p Policy Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on
any policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference i
ou must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you ru
erence items even if the preference items have not changed. Many policy implementations specify that they are updated only when chang
Policy Modeling query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the
ny policy implementations specify that they are updated only when changed. However, you might want to update unchanged preference ite
ou must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where you r
Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged preferenc
ry, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer where y
anged. Many policy implementations specify that they are updated only when changed. However, you might want to update unchanged pr
g query, you must provide a path in the "Planning trace" box to the location where a planning trace file can be created on the computer wh

guration unless restricted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting or any "Permit use of <extension n

ted by the "Restrict users to the explicitly permitted list of snap-ins" policy setting or any "Permit use of <extension name> preference exte

To disallow the "Shortcut" and "WinHelp" commands on the entire local system, enable the policy setting and leave the text box on the Se
If you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompati
If you disable or do not configure this policy setting, Internet Explorer notifies users and provides an option to run websites with incompati
owed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field. If you disable this policy setti
owed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field. If you disable this policy setti
ee the 'Add-on List' policy for more details).
ee the 'Add-on List' policy for more details).

ettings (unless "All Processes" is enabled).


ettings (unless "All Processes" is enabled).
cations that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in I
cations that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in I
efault value is the integer “1”.
efault value is the integer “1”.
r http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are aff
r http://www.contoso.com as the valuename, other protocols are not affected. If you enter just www.contoso.com, then all protocols are aff
ure this policy setting, current values of the URL action for an application or process in the list prevail.
ure this policy setting, current values of the URL action for an application or process in the list prevail.
y be displayed incorrectly. This option matches the default behavior of Internet Explorer.
y be displayed incorrectly. This option matches the default behavior of Internet Explorer.
e "Supported", the domain controller supports claims, compound authentication and Kerberos armoring. The domain controller advertises
ent information for all content that is stored in BranchCache-enabled file shares. - Disabled. With this selection, hash publication is turned
g option: Hash version supported: - To support V1 content information only, configure "Hash version supported" with the value of 1. - To s

computer before, computers always wait for the network to be initialized. If you enable this policy setting, computers wait for the network
n" setting, which restricts any changes. If you disable this setting, the policy-set default search engine is removed. If this is also the current
n" setting, which restricts any changes. If you disable this setting, the policy-set default search engine is removed. If this is also the current
ns folder, users cannot use any MMC snap-ins.

, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
omain, or organizational unit property sheets.
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
, the snap-in is permitted. When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in window in MMC. Also, when a use
the service is stopped or disabled, diagnostic scenarios are not executed. The DPS can be configured with the Services snap-in to the Micr

avior for corrupted files will be set to the default recovery behavior. No system or service restarts are required for changes to this policy se

isconnect option has no effect because the rules for DirectAccess are already removed from the NRPT. If this setting is not configured, use

an IPv6 address. Examples: FILE:\\myserver\myshare\test.txt or FILE:\\2002:836b:1::1\myshare\test.txt. You must configure this setting to
icy clients from reading the files, and in general the availability of the Netlogon share on the domain will be decreased. If you enable this p

ding the files, and in general the availability of the SYSVOL share on the domain will be decreased. If you enable this policy setting, domain

uters to which this policy is applied, will only use NetBIOS name resolution to attempt to locate a domain controller hosting an Active Direc

10Kdc SRV _kerberos._tcp.<DnsDomainName> Rfc1510KdcAtSite SRV _kerberos._tcp.<SiteName>._sites.<DnsDomainName> Gener


specifies the Refresh Interval of the DC records in seconds (for example, the value 3600 is 60 minutes). If you do not configure this policy

ag is used explicitly, the Next Closest Site behavior will be used.


me interval is 3600 seconds (1 hour) to avoid excessive network traffic from rediscovery. The maximum allowed time interval is 4294967200
can return IPv4/IPv6 DC address. This is the default behavior of the DC Locator.

for remote access connections. Note: When the "Prohibit access to properties of a LAN connection", "Ability to change properties of an al

etting. Tip: To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Prop

connections" setting takes precedence over this setting. Users (including administrators) cannot delete any remote access connections, an
AN connections are created and deleted automatically when a LAN adapter is installed or removed. You cannot use the Network Connectio
Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection"

that are not configurable, the Properties button is always disabled. Note: When the "Prohibit access to properties of a LAN connection" se

ss of this setting.

ct all network connections" policy setting, the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting ha
: This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties d
nection" or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Remote Access Conn

manipulate the availability of features in the Remote Access Connection Properties dialog box. If this setting is enabled, nothing within the

ministrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can

d state. The user must be an administrator on the local computer to encrypt or decrypt the Offline Files cache. Note: By default, this cache

n is lost" section. Also, see the "Non-default server disconnect actions" setting.
n is lost" section. Also, see the "Non-default server disconnect actions" setting.
is policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only a
is policy setting does not prevent files from being automatically cached if the network share is configured for "Automatic Caching." It only a

k Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging on" option.
k Folder Options, click the Offline Files tab, and then select the "Synchronize all offline files before logging on" option.

g Windows Vista or Windows Server 2008 will not transition a shared folder to the slow-link mode. Computers running Windows 7 or Wind
se values using the Offline Files control applet. If you enable this setting and specify a total size limit greater than the size of the drive hosti
ween 0 and 60 additional minutes. In Windows 7 and Windows Server 2008 R2, the default sync interval is 360 minutes. In Windows 8 and

rporate seed server, leave the checkbox unchecked. This is the setting which will allow your mobile users to use peer to peer applications a
turned on for all domain member client computers to which the policy is applied. - Disabled. With this selection, BranchCache is turned off
disk space used for client computer cache is enabled in domain Group Policy, the BranchCache client computer cache setting that you spec
chCache. - Enabled. With this selection, BranchCache hosted cache mode is enabled for all client computers where the policy is applied. Fo
icy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache distributed cache mode is turned on for all domai
onfigured, it will not over-write the latency setting that you use on individual client computers. - Enabled. With this selection, the BranchCa
tic hosted cache server discovery. If one or more hosted cache servers is found, the client computer self-configures for hosted cache mode
his setting is enabled, you can also select and configure the following option: Select from the following versions - Windows Vista with BITS
hat is configured in the policy setting "Set BranchCache Hosted Cache Mode." If you do not configure this policy setting, or if you disable th
nt computer cache age that you specify in the policy is turned on for all domain member client computers to which the policy is applied. -

disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the Microsoft Management Con
ervice is in the running state. When the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configure
the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the M
n the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the M
er Configuration policy setting.
er Configuration policy setting.

y the "Enable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop.


rinters can be shown in the wizard. If you enable this policy setting, only TCP/IP printer limits are applicable. On Windows 10 only, if you dis

t machine, such as when the print server does not support transferring print processors during point-and-print. In the case of a print proces

onnection to any server in their forest using Point and Print. If you disable this policy setting: -Windows Vista client computers can create
onnection to any server in their forest using Point and Print. If you disable this policy setting: -Windows Vista client computers can create
but the printer is unavailable. -- "Whenever printer is not found" prunes printer objects that are not automatically republished whenever t

age will be available to all users. Note: If the "Hide Programs Control Panel" setting is enabled, this setting is ignored.

the service is stopped or disabled, diagnostic scenarios will not be executed. The DPS can be configured with the Services snap-in to the M
ote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects thro
ng, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Uns

" disables extended error information, but lets you enable it for selected processes. To enable extended error information for a process wh
t security contexts that do not support delegation even if delegation was asked for. Note: This policy setting will not be applied until the sy
proxy is configured with a lower idle connection timeout, the timeout on the IIS server is used. Otherwise, the provided timeout value is us
ve specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value
of its capacity. -- "Full" directs RPC to maintain complete RPC state information on the system, regardless of its capacity. Because this leve
pts run for up to 600 seconds (10 minutes). This is the default.
all applicable GPOs. You can override this policy setting for specific script types within a specific GPO by configuring the following policy setti
pecific GPO by configuring the following policy settings for the GPO: User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff
pecific GPO by configuring the following policy settings for the GPO: User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff

e Microsoft Management Console.


olicy setting until after the computer is restarted for Windows XP SP2 computers. Windows Vista --------------------- In Windows Vista, this p
pp. If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from th

mputer. Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
f recent files" setting. This policy also does not clear items that the user may have pinned to the Jump Lists, or Tasks that the application h

ot Configured, the document shortcuts saved before the setting was enabled reappear in the Recent Items menu and program File menus,
ity is set to “Medium.” At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switc
ity is set to “Medium.” At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switc
s will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista).
s will be able to configure this setting on the Ink to text conversion tab in Input Panel Options (in Windows 7 and Windows Vista).
and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. If you do not co
and the Z-shaped scratch-out gesture. Users will not be able to configure this setting in the Input Panel Options dialog box. If you do not co
present on the host.

computer must be set to 32 bits per pixel. Also, the Themes service must be started on the remote computer. If you disable or do not confi

ients that do not support 128-bit encryption. * Low: The Low setting encrypts only data sent from the client to the server by using 56-bit e

ver. If TLS is not supported, the connection fails. This is the recommended setting for this policy. If you disable or do not configure this polic
ccur later in the remote connection process.
p Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. Note: If you select a specific certificate

M protocol that is enabled on the client or a smart card can be used. To allow users to overwrite this policy setting, select the "Allow users
disable or do not configure this policy setting, but enable the "Enable connections through RD Gateway" policy setting, client connection att

e Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minim

ct simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote De

vers running Windows with Remote Desktop Session Host role service installed).

ogram and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working direc
ogram and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working direc

e specified Home Dir Root Path and the user's alias. If the status is set to Disabled or Not Configured, the user's home directory is as specifi
You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. Notes: 1. T

dministrative Templates\System\User Profiles is enabled.


a domain.
to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired. If you disab
ou do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level.
ng the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic. If you disabl

tting, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver

y settings. 2. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.
rm. If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy
ession Directory Computers, Session Broker Computers, or RDS Endpoint Servers.
work conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer
work conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer
ured, the Computer Configuration policy setting takes precedence.
ured, the Computer Configuration policy setting takes precedence.
er Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
er Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
settings are configured, the Computer Configuration policy setting takes precedence.
settings are configured, the Computer Configuration policy setting takes precedence.

or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
n node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.

Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection.
ession Host server.
very specific cases only. If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism th

ner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti
er of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization
res all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM. The TPM
tion failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.

om settings location templates. If you disable this policy setting after it has been enabled, the UE-V Agent will not restore the default Micro
e a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears. If you d
e a message when the settings sync is delayed. The notification delay policy setting defines the delay before a notification appears. If you d

they may still take ownership of this folder to grant themselves file permissions. Note: The behavior when this policy setting is enabled is e
oaming folder. The user will be shown an error message and an entry will be written to the event log. The user's cached profile will be used

the system's response when roaming user profiles are slow to download. To adjust the time within which the user must respond to this no

red to remove the Windows Installer or Group Policy software installation data stored in the registry and file system of roaming users' profi

sktop Services. Because Remote Desktop Services edits the users' registry settings when they log off, the system's first few attempts to unlo

e "Delete cached copies of roaming profiles" policy setting is enabled, there is no local copy of the roaming profile to load when the system
ng profile to load when the system detects a slow connection.

path specified in this policy 4. A per-user roaming profile path specified in the user object
is selected, the "Time of day" option is disregarded. Likewise, if "Run at set time of day" is chosen, the "Interval (hours)" option is disregard
nterprise software and/or line of business apps that depend on the domain information protected by this setting to connect with network r

emote Desktop Services User Home Directory" policy setting is enabled, the “Set user home folder” policy setting has no effect.
on unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. This option is sel
Module (TPM) initialization is needed during the BitLocker setup, TPM owner information will be saved or printed with the BitLocker recove
controllers are found the password will still be accepted regardless of actual password complexity and the drive will be encrypted using th

rom your organization or other external organizations. You can configure the identification fields on existing drives by using manage-bde.ex

ry information to Active Directory Domain Services", choose which BitLocker recovery information to store in AD DS for operating system d

n on BitLocker on computers with a TPM. In this basic wizard, no additional startup key or startup PIN can be configured.
ry of a 6-digit to 20-digit personal identification number (PIN), or both. If you enable this policy setting, users can configure advanced start
nfigure this policy setting, BitLocker clients will not be able to create and use Network Key Protectors. Note: For reliability and security, com
he Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the
rovided to unlock the drive. If you disable or do not configure this policy setting, BitLocker uses the default platform validation profile or th
ecovery key be provided to unlock the drive. If you disable or do not configure this policy setting, BitLocker uses the default platform valid

ption. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algo

platform or Boot Configuration Data (BCD) integrity validation. Warning: Disabling this policy may result in BitLocker recovery when firmw
ervices" choose which BitLocker recovery information to store in AD DS for fixed data drives. If you select "Backup recovery password and k
omplexity adheres to the rules set by the policy, but if no domain controllers are found the password will still be accepted regardless of act

g Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Reader must be installed on the c

he encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algorithm c
y Domain Services" choose which BitLocker recovery information to store in AD DS for removable data drives. If you select "Backup recover

rules set by the policy, but if no domain controllers are found the password will still be accepted regardless of actual password complexity

nlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2, BitLocker To Go Rea

tion. The encryption algorithm used by hardware-based encryption is set when the drive is partitioned. By default, BitLocker uses the algori
rger than this parameter value, W32time sets the client computer's local clock immediately to the time that is accepted as accurate from t
n be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) i

ction is maintained and the manual connection attempt is blocked. If this policy setting is not configured or is disabled, computers are allow
is policy setting is disabled, multiple simultaneous connections to the Internet, to a Windows domain, or to both are allowed. If this policy
ed software, including the location of the software, file names, how the software operates, and how it has impacted your computer. If you
verrides the "Request credentials for network installations" setting.

ustom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared betwee
up Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Gro
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users cannot preview items or get custom thumbnails from Op
ts in this zone using File Explorer. If you do not configure this policy setting, users cannot preview items or get custom thumbnails from Op
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users can preview items and get custom thumbnails from Open
ts in this zone using File Explorer. If you do not configure this policy setting, users cannot preview items or get custom thumbnails from Op
ts in this zone using File Explorer. If you do not configure this policy setting, users cannot preview items or get custom thumbnails from Op

pp. If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from th
ewall component in Control Panel, also enable the "Windows Defender Firewall: Allow local program exceptions" policy setting. If you disa

omponent of Control Panel, the "File and Printer Sharing" check box is cleared. Administrators can change this check box. Note: If any poli
der Firewall allows inbound echo requests, even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting would block them
re disabled.

red unless you enable the "Windows Defender Firewall: Allow local port exceptions" policy setting. If you do not configure this policy setti

03 with at least SP1, Windows Defender Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and
eck box is cleared. Administrators can change this check box."

en the required ports or enable the required programs. In the Windows Defender Firewall component of Control Panel, the "UPnP framew
ewall component in Control Panel, also enable the "Windows Defender Firewall: Allow local program exceptions" policy setting. If you disa

omponent of Control Panel, the "File and Printer Sharing" check box is cleared. Administrators can change this check box. Note: If any poli
der Firewall allows inbound echo requests, even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting would block them
re disabled.

red unless you enable the "Windows Defender Firewall: Allow local port exceptions" policy setting. If you do not configure this policy setti

03 with at least SP1, Windows Defender Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and
eck box is cleared. Administrators can change this check box."

en the required ports or enable the required programs. In the Windows Defender Firewall component of Control Panel, the "UPnP framew
ticast streams areas of the Network tab are not available and the Player cannot receive an MMS or RTSP stream from a Windows Media ser

oes not listen on any addresses. For example, if you want the service to listen only on IPv4 addresses, leave the IPv6 filter empty. Ranges

on / Administrative Templates / Windows Update'


tions will be every day at 3:00 AM. If any updates require a restart to complete the installation, Windows will restart the computer automati
f Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update si

ays see an Account Control window and require elevated permissions to do either of these tasks. On Windows 7 : This policy setting has no

cy setting is disabled. If you are not using the Microsoft Update service, then the Software Notifications policy setting has no effect. If the

ed on their scheduled time, you can temporarily pause them. The pause will remain in effect for 35 days from the start time provided. - To

fore auto-restart for update installation


ng is disabled or not configured, no Work Folders settings are specified for the affected users, though users can manually set up Work Folde
16-bit application support control panel to allow an elevated administrator to make the decision; on windows 7 and downlevel, the OS wil

es cache the value of this setting for performance reasons. If you make changes to this setting, please reboot to ensure that your system a
36. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in byte
a slow link (56Kbs).

imit 0x4 - The usage of this connection is unrestricted up to a certain data limit and plan usage is less than 80 percent of the limit. 0x8 - U
ms". If both the "Hide specified Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Sh

fied Control Panel items" setting and the "Show only specified Control Panel items" setting are enabled, the "Show only specified Control P
be hidden: hide:bluetooth
ngs or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver tu

brikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com

rces.fabrikam.com
Remote Desktop Session Host running on all machines. TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running

gation). Note: On Windows 8.1 and Windows Server 2012 R2, enabling this policy will enforce Restricted Administration mode, regardless
u disable or do not configure this policy setting, users can configure the Telemetry level in Settings.
u disable or do not configure this policy setting, users can configure the Telemetry level in Settings.

uter administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an obje
olicy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on computers or users. If ther
ervices role is not installed.

disk quota management is enabled on the volume. Also, if disk quotas are not enforced, users can exceed the quota limit you set. When us

will not register any A and PTR resource records using a connection-specific DNS suffix.

e the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource r

onfigure this policy setting, the primary DNS suffix and network connection-specific DNS suffixes are appended to the unqualified queries.

DNS tab in the Advanced TCP/IP Settings dialog box for each connection. For example, when a user submits a query for a single-label nam
suffix for this connection box on the DNS tab in the Advanced TCP/IP Settings dialog box for each connection. For example, when a user su

the original name query fails. If you do not configure this policy setting, computers will use their local DNS client settings to determine the
u do not want additional information about the computer to be collected and included in error reports. - ""Force queue mode for applicati

cation reporting settings policy setting takes precedence.


hese categories were added to the list in this policy setting. (Note: The Microsoft applications category includes the Windows components
nd users can only send reports at the time that a problem occurs.
sent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
sent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
Note: This policy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped o
tected under the contoso.com hierarchy.
sers can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the
sers can choose to enable or disable automatic learning either from the Handwriting tab in the Tablet Settings in Control Panel or from the

mic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that do not hav
mic base compatible by acting as though an image base collision happened at load time. If relocations are required, images that do not hav

onnection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon. The de
time a connection to a domain controller is established. Setting this value too high might result in longer waits for the user at boot or logon.

ent side extensions configured to process over a slow link.


ous or asynchronous.

policies, such as reapplying a desired setting in case a user has changed it.
a desired setting in case a user has changed it.

you might want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.
want to update unchanged policies, such as reapplying a desired policy setting in case a user has changed it.

er has changed it.

ying a desired setting in case a user has changed it.


sired setting in case a user has changed it.
tion\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If t
tion\Administrative Templates\System\User Profile. Note: If the profile server has IP connectivity, the connection speed setting is used. If t
dom time box sets the upper limit for the range of variance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 m
of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that update requests overlap. However, updates
ariance. For example, if you type 30 minutes, the system selects a variance of 0 to 30 minutes. Typing a large number establishes a broad r

might not be able to see all the settings that have been configured in the GPO that you are editing.

ght want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Polic
u might want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
e can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Po
pdate unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or
ht want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy M
ed. However, you might want to update unchanged preference items, such as reapplying a desired preference setting in case a user has ch
e can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Po
hanged preference items, such as reapplying a desired preference setting in case a user has changed it.
omputer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or there are
fy that they are updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desire
ce file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Gro
date unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or
update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or
t want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
d on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling o
ated only when changed. However, you might want to update unchanged preference items, such as reapplying a desired preference setting
x to the location where a planning trace file can be created on the computer where you run modeling, and you must turn on the "Tracing"
at they are updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desired pr
ning trace file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performi
ever, you might want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
trace file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing G
re updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desired preference
ce file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Gro
pecify that they are updated only when changed. However, you might want to update unchanged preference items, such as reapplying a de
d on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling o
However, you might want to update unchanged preference items, such as reapplying a desired preference setting in case a user has change
ning trace file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performi
update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
d on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling o
ey are updated only when changed. However, you might want to update unchanged preference items, such as reapplying a desired prefere
g trace file can be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing
update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
ed on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Modeling
to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
eated on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy Mode
ht want to update unchanged preference items, such as reapplying a desired preference setting in case a user has changed it.
be created on the computer where you run modeling, and you must turn on the "Tracing" option. If you are not performing Group Policy M

any "Permit use of <extension name> preference extension" policy settings.

xtension name> preference extension" policy settings.

and leave the text box on the Settings tab of the Policy Properties dialog box blank. If you disable or do not configure this policy setting, th
n to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.
n to run websites with incompatible ActiveX controls in regular Protected Mode. This is the default behavior.
eld. If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting w
eld. If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting w
n, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
n, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
so.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e
so.com, then all protocols are affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e
he domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dynam
ction, hash publication is turned off for all file servers where Group Policy is applied. In circumstances where this policy setting is enabled,
orted" with the value of 1. - To support V2 content information only, configure "Hash version supported" with the value of 2. - To support

computers wait for the network to be fully initialized before users are logged on. Group Policy is applied in the foreground, synchronously.
moved. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market. If you don't con
moved. If this is also the current in-use default, the engine changes to the Microsoft Edge specified engine for the market. If you don't con
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in

ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
ndow in MMC. Also, when a user opens a console file that includes a prohibited snap-in, the console file opens, but the prohibited snap-in
the Services snap-in to the Microsoft Management Console.

uired for changes to this policy setting to take immediate effect after a Group Policy refresh. Note: This policy setting will take effect only w

his setting is not configured, users do not have Connect or Disconnect options.

ou must configure this setting to have complete NCA functionality.


e decreased. If you enable this policy setting, domain administrators should ensure that the only applications using the exclusive read capa

nable this policy setting, domain administrators should ensure that the only applications using the exclusive read capability in the domain a

ontroller hosting an Active Directory domain specified with a single-label name. The computers will not attempt DNS name resolution in th

sites.<DnsDomainName> GenericGc SRV _gc._tcp.<DnsForestName> GenericGcAtSite SRV _gc._tcp.<SiteName>._sites.<DnsForestN


you do not configure this policy setting, it is not applied to any DCs, and DCs use their local configuration.

wed time interval is 4294967200 seconds, while any value greater than 4294967 seconds (~49 days) will be treated as infinity. If you disabl

lity to change properties of an all user remote access connection", or "Prohibit changing properties of a private remote access connection"

a connection icon, and click Properties. For remote access connections, click the Networking tab. In the "Components checked are used b

y remote access connections, and this setting is ignored. Note: LAN connections are created and deleted automatically by the system whe
nnot use the Network Connections folder to create or delete a LAN connection. Note: This setting does not prevent users from using other
vate remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections",

operties of a LAN connection" setting is enabled, users are blocked from accessing the Properties button for LAN connection components.

omain network" policy setting has no effect on computers that are running Windows Firewall, which replaces Internet Connection Firewall
Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connectio
ccess to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked.

ng is enabled, nothing within the properties dialog box for a remote access connection will be available to users. Note: This setting does no

Setup Wizard, administrators can choose to enable ICS. Note: Internet Connection Sharing is only available when two or more network con

che. Note: By default, this cache is protected on NTFS partitions by ACLs. This setting is applied at user logon. If this setting is changed afte
or "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer. If the "Remove 'Make Availab
or "Automatic Caching." It only affects the display of the "Make Available Offline" command in File Explorer. If the "Remove 'Make Availab

on" option.
on" option.

ers running Windows 7 or Windows Server 2008 R2 will use the default latency value of 80 milliseconds when transitioning a folder to the
er than the size of the drive hosting the Offline Files cache, and that drive is the system drive, the total size limit is automatically adjusted do
360 minutes. In Windows 8 and Windows Server 2012, the default sync interval is 120 minutes.

o use peer to peer applications at both work and home seamlessly. 4. In order to not use any seed server, enable the setting; do not insert
ection, BranchCache is turned off for all client computers where the policy is applied. * This policy setting is supported on computers that a
uter cache setting that you specify in the policy is turned on for all domain member client computers to which the policy is applied. - Disab
rs where the policy is applied. For example, if this policy is enabled in domain Group Policy, BranchCache hosted cache mode is turned on f
mode is turned on for all domain member client computers to which the policy is applied. - Disabled. With this selection, BranchCache dis
With this selection, the BranchCache maximum round trip latency setting is enabled for all client computers where the policy is applied. Fo
nfigures for hosted cache mode. If the policy setting "Set BranchCache Distributed Cache Mode" is applied in addition to this policy, the cl
rsions - Windows Vista with BITS 4.0 installed, Windows 7, or Windows Server 2008 R2. If you select this version, later versions of Window
policy setting, or if you disable this policy setting, client computers that are configured with hosted cache mode still function correctly. Poli
to which the policy is applied. - Disabled. With this selection, BranchCache client computers use the default client computer cache age setti

the Microsoft Management Console.


uted. The DPS can be configured with the Services snap-in to the Microsoft Management Console.
ith the Services snap-in to the Microsoft Management Console.
with the Services snap-in to the Microsoft Management Console.
e. On Windows 10 only, if you disable or do not configure this policy setting, the default limit is applied. In Windows 8 and later, Bluetooth

rint. In the case of a print processor mismatch, the client spooler will always send jobs to the print server for rendering. Disabling the abov

sta client computers can create a printer connection to any server using Point and Print. -Windows Vista computers will not show a warnin
sta client computers can create a printer connection to any server using Point and Print. -Windows Vista computers will not show a warnin
matically republished whenever the host computer does not respond, just as it does with Windows 2000 printers. Note: This setting applie

is ignored.

with the Services snap-in to the Microsoft Management Console.


nvitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email messag
ceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running. Windows Vista and later

ror information for a process while this policy setting is in effect, the command that starts the process must begin with one of the strings in
g will not be applied until the system is rebooted.
the provided timeout value is used. The timeout is given in seconds. Note: This policy setting will not be applied until the system is reboot
depending on the selected value for this policy setting. -- "None" allows all RPC clients to connect to RPC Servers running on the machine
of its capacity. Because this level can degrade performance, it is recommended for use only while you are investigating an RPC problem. N
nfiguring the following policy settings for the GPO: Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)\Startu
ws Settings\Scripts (Logon/Logoff)\Logon User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logoff This policy setting ap
ws Settings\Scripts (Logon/Logoff)\Logon User Configuration\Policies\Windows Settings\Scripts (Logon/Logoff)\Logoff This policy setting ap
---------- In Windows Vista, this policy setting monitors essential security settings to include firewall, antivirus, antispyware, Internet securit
ry to run suspicious apps from the Internet. If you do not configure this policy, SmartScreen will be enabled by default, but users may chan
s, or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting.

s menu and program File menus, and Jump Lists. This setting does not hide or prevent the user from pinning files, folders, or websites to th
n keyboard by default, skin switching is not allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able t
n keyboard by default, skin switching is not allowed, and Input Panel displays the cursor and which keys are tapped. Users will not be able t
7 and Windows Vista).
7 and Windows Vista).
tions dialog box. If you do not configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch
tions dialog box. If you do not configure this policy, users will be able to use both the tolerant scratch-out gestures and the Z-shaped scratch
er. If you disable or do not configure this policy setting, desktop composition is not allowed for remote desktop sessions, even if desktop c

nt to the server by using 56-bit encryption. If you disable or do not configure this setting, the encryption level to be used for remote conne

ble or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specifie

f you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy

setting, select the "Allow users to change this setting" check box. When you do this, users on the client can choose not to connect through
olicy setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an

Windows Server 2012, the minimum of the following values is used as the color depth format: a.Value specified by this policy setting b.M

Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configurin

ot specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions
ot specified) as the working directory for the program. If the status is set to Disabled or Not Configured, Remote Desktop Services sessions

user's home directory is as specified at the server.


roperties dialog box. Notes: 1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections

ver has not expired. If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier.
licy level.
y is set to Dynamic. If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic.

to use the fallback printer driver. If you do not configure this policy setting, the fallback printer driver behavior is off by default. Note: If th
at the group Group policy Policy level and the default will be used. This setting is enabled by default. Notes: 1. For Windows Server 2008,

gs are configured, the Computer Configuration setting takes precedence.


gs are configured, the Computer Configuration setting takes precedence.

ecedence.
ecedence.

mputer are affected.


he computer are affected.

uses an encoding mechanism that results in medium quality images.

s which depend on the TPM anti-hammering logic can be used. Choose the operating system managed TPM authentication setting of "Dele
ommands requiring authorization to the TPM. The TPM is designed to protect itself against password guessing attacks by entering a hardw
horization to the TPM. The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when
iring authorization to the TPM. The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mo

will not restore the default Microsoft templates. If you do not configure this policy setting, any defined values will be deleted.
e a notification appears. If you disable this policy setting, the sync provider is used to synchronize settings between computers and the setti
e a notification appears. If you disable this policy setting, the sync provider is used to synchronize settings between computers and the setti

this policy setting is enabled is exactly the same behavior as in Windows NT 4.0.
user's cached profile will be used, or a temporary profile issued if no cached profile exists. Note: The policy setting must be configured on

he user must respond to this notice in operating systems earlier than Microsoft Windows Vista, use the "Timeout for dialog boxes" policy s

e system of roaming users' profiles on the machine.

ystem's first few attempts to unload the user settings are more likely to fail. This policy setting does not affect the system's attempts to upd

profile to load when the system detects a slow connection.

erval (hours)" option is disregarded. If you enable this policy setting, Windows uploads the registry file of the user's roaming user profile in
etting to connect with network resources if users choose to turn the setting off.

setting has no effect.


D DS succeeds. This option is selected by default to help ensure that BitLocker recovery is possible. If this option is not selected, AD DS bac
rinted with the BitLocker recovery information. Note: The 48-digit recovery password will not be available in FIPS-compliance mode. Impo
drive will be encrypted using that password as a protector. When set to "Do not allow complexity", no password complexity validation will

g drives by using manage-bde.exe. If you enable this policy setting, you can configure the identification field on the BitLocker-protected dr

in AD DS for operating system drives. If you select "Backup recovery password and key package", both the BitLocker recovery password an

be configured.
ers can configure advanced startup options in the BitLocker setup wizard. If you disable or do not configure this policy setting, users can co
e: For reliability and security, computers should also have a TPM startup PIN that can be used when the computer is disconnected from the
he NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Access Control (PCR 11). The descriptions of PCR settings for co
t platform validation profile or the platform validation profile specified by the setup script. A platform validation profile consists of a set of
r uses the default platform validation profile or the platform validation profile specified by the setup script. A platform validation profile co

y default, BitLocker uses the algorithm configured on the drive to encrypt the drive. The “Restrict encryption algorithms and cipher suites a

BitLocker recovery when firmware is updated. If you disable this policy, suspend BitLocker prior to applying firmware updates.
Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS. Storing the key pa
till be accepted regardless of actual password complexity and the drive will be encrypted using that password as a protector. When set to "

Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be installed on the fixed drive to ena

t, BitLocker uses the algorithm configured on the drive to encrypt the drive. The “Restrict encryption algorithms and cipher suites allowed
es. If you select "Backup recovery password and key package", both the BitLocker recovery password and key package are stored in AD DS.

s of actual password complexity and the drive will be encrypted using that password as a protector. When set to "Do not allow complexity"

XP with SP2, BitLocker To Go Reader must be installed on the computer. If this check box is not selected, BitLocker To Go Reader will be inst

default, BitLocker uses the algorithm configured on the drive to encrypt the drive. The “Restrict encryption algorithms and cipher suites all
at is accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's lo
wn site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. T

r is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
o both are allowed. If this policy setting value is Not Configured, the default policy setting is enabled. This is different than enabling the pol
mpacted your computer. If you enable this setting, you will join Microsoft MAPS with the membership specified. If you disable or do not c
ing link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links ta
om Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pi
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the
get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
et custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the u
get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the
get custom thumbnails from OpenSearch query results in this zone using File Explorer. Changes to this setting may not be applied until the

ry to run suspicious apps from the Internet. If you do not configure this policy, SmartScreen will be enabled by default, but users may chan
ptions" policy setting. If you disable this policy setting, the program exceptions list defined by Group Policy is deleted. If a local program exc

this check box. Note: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo requests (the messa
" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow file and printer sh

do not configure this policy setting, Windows Defender Firewall uses only the local port exceptions list that administrators define by using t

olicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy

Control Panel, the "UPnP framework" check box is cleared. Administrators can change this check box."
ptions" policy setting. If you disable this policy setting, the program exceptions list defined by Group Policy is deleted. If a local program exc

this check box. Note: If any policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo requests (the messa
" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow file and printer sh

do not configure this policy setting, Windows Defender Firewall uses only the local port exceptions list that administrators define by using t

olicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy

Control Panel, the "UPnP framework" check box is cleared. Administrators can change this check box."
eam from a Windows Media server.

e the IPv6 filter empty. Ranges are specified using the syntax IP1-IP2. Multiple ranges are separated using "," (comma) as the delimiter. Ex
ill restart the computer automatically. (If a user is signed in to the computer when Windows is ready to restart, the user will be notified an
rectly to the Windows Update site on the Internet. The alternate download server configures the Windows Update Agent to download file

dows 7 : This policy setting has no effect. Users will always see an Account Control window and require elevated permissions to do either of

olicy setting has no effect. If the "Configure Automatic Updates" policy setting is disabled or is not configured, then the Software Notificati

om the start time provided. - To resume receiving Feature Updates which are paused, clear the start date field. Preview Build enrollment r
can manually set up Work Folders by using the Work Folders Control Panel item.
ows 7 and downlevel, the OS will allow 16-bit applications to run. Note: This setting appears in only Computer Configuration.

oot to ensure that your system accurately reflects those changes.


or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Clie
80 percent of the limit. 0x8 - Usage of this connection is unrestricted up to a certain data limit and plan usage is between 80 percent and
ems" setting are enabled, the "Show only specified Control Panel items" setting is ignored. Note: The Display Control Panel item cannot be

e "Show only specified Control Panel items" setting is ignored. Note: The Display Control Panel item cannot be hidden in the Desktop cont
s required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.

e Desktop Session Host running on all machines in humanresources.fabrikam.com

dministration mode, regardless of the mode chosen. These versions do not support Remote Credential Guard.
ess is started, but before an object activation request is dispatched to the server process. This access check is done against the DCOM ser
ct on computers or users. If there is a current setting in the registry it will not be modified. The "Require UEFI Memory Attributes Table" op
he quota limit you set. When users reach the quota limit, their status in the Quota Entries window changes, but users can continue to writ

pt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DH

ded to the unqualified queries.

its a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "exam
on. For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microso

client settings to determine the query behavior for unqualified multi-label names.
"Force queue mode for application errors"": Select this option if you do not want users to report errors. When this option is selected, error

udes the Windows components category.) If you disable this policy setting or do not configure it, the Default application reporting settings
onsent policy setting.
onsent policy setting.
e. When the service is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in
ngs in Control Panel or from the opt-in dialog. This policy setting is related to the "Turn off handwriting personalization" policy setting. No
ngs in Control Panel or from the opt-in dialog. This policy setting is related to the "Turn off handwriting personalization" policy setting. No

required, images that do not have a base relocation section will not be loaded. PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_A
required, images that do not have a base relocation section will not be loaded. PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_A

he user at boot or logon. The default is 5000 milliseconds. If you disable this policy setting, the Group Policy client will not cache applicab
aits for the user at boot or logon. The default is 5000 milliseconds. If you disable or do not configure this policy setting, the Group Policy cli

as changed it.
ection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
ection speed setting is used. If the profile server does not have IP connectivity, the SMB timing is used.
m selects a variance of 0 to 30 minutes. Typing a large number establishes a broad range and makes it less likely that client requests overla
uests overlap. However, updates might be delayed significantly. Note: This setting is used only when you are establishing policy for a doma
ge number establishes a broad range and makes it less likely that client requests overlap. However, updates might be delayed significantly.

user has changed it.


u are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
e a user has changed it.
you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

orming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
ser has changed it.
re not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
ence setting in case a user has changed it.
ou are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

oup Policy Modeling or there are no preference items in this extension, no planning trace file is created.
ems, such as reapplying a desired preference setting in case a user has changed it.
n. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

ming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

rming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
er has changed it.
forming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
ying a desired preference setting in case a user has changed it.
you must turn on the "Tracing" option. If you are not performing Group Policy Modeling or there are no preference items in this extension
, such as reapplying a desired preference setting in case a user has changed it.
" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is creat
ng in case a user has changed it.
ption. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
reapplying a desired preference setting in case a user has changed it.
n. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
ce items, such as reapplying a desired preference setting in case a user has changed it.
orming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
etting in case a user has changed it.
" option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is creat

forming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
h as reapplying a desired preference setting in case a user has changed it.
option. If you are not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created

forming Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
changed it.
performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.
ser has changed it.
re not performing Group Policy Modeling or there are no preference items in this extension, no planning trace file is created.

ot configure this policy setting, these commands are fully functional for all Help files. Note: Only folders on the local computer can be spec
the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional
be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional
mpound authentication for Dynamic Access Control and Kerberos armoring. Domain functional level requirements For the options "Always
ere this policy setting is enabled, you can also select the following configuration options: - Allow hash publication for all shared folders. Wit
with the value of 2. - To support both V1 and V2 content information, configure "Hash version supported" with the value of 3.

n the foreground, synchronously. On servers running Windows Server 2008 or later, this policy setting is ignored during Group Policy proces
for the market. If you don't configure this setting, the default search engine is set to the one specified in App settings.
for the market. If you don't configure this setting, the default search engine is set to the one specified in App settings.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.

pens, but the prohibited snap-in does not appear.


pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
pens, but the prohibited snap-in does not appear.
icy setting will take effect only when the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, sys
ons using the exclusive read capability in the domain are those approved by the administrator.

e read capability in the domain are those approved by the administrator.

ttempt DNS name resolution in this case, unless the computer is searching for a domain with a single label DNS name to which this compute

.<SiteName>._sites.<DnsForestName> Rfc1510UdpKdc SRV _kerberos._udp.<DnsDomainName> Rfc1510Kpwd SRV _kpasswd._tcp

e treated as infinity. If you disable this policy setting, Force Rediscovery will be used by default for the machine at every 12 hour interval. If

vate remote access connection" settings are set to deny access to the connection properties dialog box, the Install and Uninstall buttons fo

Components checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advan

automatically by the system when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delet
t prevent users from using other programs, such as Internet Explorer, to bypass this setting.
er remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN con

r LAN connection components. Note: Network Configuration Operators only have permission to change TCP/IP properties. Properties for a

ces Internet Connection Firewall when you install Windows XP Service Pack 2. If you disable this setting or do not configure it, the Internet
ox for a remote access connection will be available to users. Note: This setting does not prevent users from using other programs, such as I
nection components is blocked. Note: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass

users. Note: This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting.

e when two or more network connections are present. Note: When the "Prohibit access to properties of a LAN connection," "Ability to cha

on. If this setting is changed after user logon then user logoff and logon is required for this setting to take effect.
r. If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect.
r. If the "Remove 'Make Available Offline' command" policy setting is enabled, this setting has no effect.

hen transitioning a folder to the slow-link mode. Computers running Windows 8 or Windows Server 2012 will use the default latency value
limit is automatically adjusted downward to 75 percent of the size of the drive. If the cache is located on a drive other than the system driv

enable the setting; do not insert a seed server name; and check the check box. If this setting is disabled or not configured, the protocol wil
s supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer
hich the policy is applied. - Disabled. With this selection, BranchCache client computers use the default client computer cache setting of fiv
osted cache mode is turned on for all domain member client computers to which the policy is applied. - Disabled. With this selection, Bran
h this selection, BranchCache distributed cache mode is turned off for all client computers where the policy is applied. * This policy setting
s where the policy is applied. For example, if Configure BranchCache for network files is enabled in domain Group Policy, the BranchCache
d in addition to this policy, the client computer performs automatic hosted cache server discovery. If one or more hosted cache servers are
ersion, later versions of Windows run the version of BranchCache that is included in these operating systems rather than later versions of B
mode still function correctly. Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings a
lt client computer cache age setting of 28 days on the client computer. In circumstances where this setting is enabled, you can also select a
n Windows 8 and later, Bluetooth printers are not shown so its limit does not apply to those versions of Windows.

or rendering. Disabling the above policy setting does not override this behavior. Note: In cases where the client print driver does not matc

omputers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and P
omputers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and P
inters. Note: This setting applies to printers published by using Active Directory Users and Computers or Pubprn.vbs. It does not apply to p
is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported. If you e
nning. Windows Vista and later Enable the Remote Assistance exception for the domain profile. The exception must contain: Port 135:TCP

t begin with one of the strings in the Extended Error Information Exception field. -- "On" enables extended error information for all proces

pplied until the system is rebooted.


Servers running on the machine on which the policy setting is applied. -- "Authenticated" allows only authenticated RPC Clients (per the d
investigating an RPC problem. Note: To retrieve the RPC state information from a system that maintains it, you must use a debugging tool.
ripts (Startup/Shutdown)\Startup Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)\Shutdown
off)\Logoff This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Co
off)\Logoff This policy setting appears in the Computer Configuration and User Configuration folders. The policy setting set in Computer Co
us, antispyware, Internet security settings, User Account Control, and Automatic Updates. Windows Vista computers do not require a rebo
d by default, but users may change their settings.
ists" setting.

ng files, folders, or websites to the Jump Lists. See the "Do not allow pinning items in Jump Lists" setting. This policy also does not hide Task
e tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose to “Med
e tapped. Users will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose to “Med

estures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options.
estures and the Z-shaped scratch-out gesture. Users will be able to configure this setting on the Gestures tab in Input Panel Options.
sktop sessions, even if desktop composition is enabled in RDC or in the .rdp file.

evel to be used for remote connections to RD Session Host servers is not enforced through Group Policy. Important FIPS compliance can b

ession Host servers is not specified at the Group Policy level.

take precedence over this policy setting.

n choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a co
tly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gat

ecified by this policy setting b.Maximum color depth supported by the client c.Value requested by the client If the client does not support

of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.

mote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Confi
mote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Confi

te Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roamin

default behavior noted earlier.

to Dynamic.

avior is off by default. Note: If the "Do not allow client printer redirection" setting is enabled, this policy setting is ignored and the fallback
s: 1. For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard.

M authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the loca
sing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the T
a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mo
entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lo

es will be deleted.
between computers and the settings storage location. If you do not configure this policy setting, any defined values will be deleted.
between computers and the settings storage location. If you do not configure this policy setting, any defined values will be deleted.

y setting must be configured on the client computer not the server for it to have any effect because the client computer sets the file share

meout for dialog boxes" policy setting. Important: If the "Do not detect slow network connections" setting is enabled, this policy setting is

ect the system's attempts to update the files in the user profile. Tip: Consider increasing the number of retries specified in this policy settin

the user's roaming user profile in the background according to the schedule set here while the user is logged on. Regular profiles are not a

option is not selected, AD DS backup is attempted but network or other backup failures do not prevent BitLocker setup. Backup is not autom
in FIPS-compliance mode. Important: This policy setting provides an administrative method of recovering data encrypted by BitLocker to p
sword complexity validation will be done. Passwords must be at least 8 characters. To configure a greater minimum length for the passwor

ld on the BitLocker-protected drive and any allowed identification field used by your organization. When a BitLocker-protected drive is mo

BitLocker recovery password and key package are stored in AD DS. Storing the key package supports recovering data from a drive that has

e this policy setting, users can configure only basic options on computers with a TPM. Note: If you want to require the use of a startup PIN
mputer is disconnected from the wired network or the server at startup.
escriptions of PCR settings for computers that use an Extensible Firmware Interface (EFI) are different than the PCR settings described for co
ation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. The default platform validation profile s
. A platform validation profile consists of a set of Platform Configuration Register (PCR) indices ranging from 0 to 23. The default platform v

n algorithms and cipher suites allowed for hardware-based encryption” option enables you to restrict the encryption algorithms that BitLo

g firmware updates.
ored in AD DS. Storing the key package supports recovering data from a drive that has been physically corrupted. If you select "Backup reco
ord as a protector. When set to "Do not allow complexity", no password complexity validation will be done. Passwords must be at least 8 c

nstalled on the fixed drive to enable users to unlock the drive on computers running Windows Server 2008, Windows Vista, Windows XP w

ithms and cipher suites allowed for hardware-based encryption” option enables you to restrict the encryption algorithms that BitLocker ca
ey package are stored in AD DS. If you select "Backup recovery password only" only the recovery password is stored in AD DS. Select the "D

set to "Do not allow complexity", no password complexity validation will be done. Passwords must be at least 8 characters. To configure a g

Locker To Go Reader will be installed on the removable drive to enable users to unlock the drive on computers running Windows Server 20

algorithms and cipher suites allowed for hardware-based encryption” option enables you to restrict the encryption algorithms that BitLoc
is value, the client computer's local clock is corrected gradually. Default: 300 seconds. MaxNegPhaseCorrection If a time sample is receive
d if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal). ResolvePeerBackoffMinutes This value, expressed in m

s different than enabling the policy setting with Group Policy, however - when the policy setting is Not Configured, the policy setting is confi
ecified. If you disable or do not configure this setting, you will not join Microsoft MAPS. In Windows 10, Basic membership is no longer av
Search Connector/Library links take precedence over Internet/intranet search links. If you enable this policy setting, the specified Internet
ink(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library link
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
tting may not be applied until the user logs off from Windows.
tting may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
ng may not be applied until the user logs off from Windows.
tting may not be applied until the user logs off from Windows.
tting may not be applied until the user logs off from Windows.

d by default, but users may change their settings.


is deleted. If a local program exceptions list exists, it is ignored unless you enable the "Windows Defender Firewall: Allow local program ex

ICMP echo requests (the message sent by the Ping utility), even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting
Firewall: Allow file and printer sharing exception," "Windows Defender Firewall: Allow remote administration exception," and "Windows De

t administrators define by using the Windows Defender Firewall component in Control Panel. Other policy settings can continue to open or

orts. Because disabling this policy setting does not block TCP port 445, it does not conflict with the "Windows Defender Firewall: Allow file a

is deleted. If a local program exceptions list exists, it is ignored unless you enable the "Windows Defender Firewall: Allow local program ex

ICMP echo requests (the message sent by the Ping utility), even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting
Firewall: Allow file and printer sharing exception," "Windows Defender Firewall: Allow remote administration exception," and "Windows De

t administrators define by using the Windows Defender Firewall component in Control Panel. Other policy settings can continue to open or

orts. Because disabling this policy setting does not block TCP port 445, it does not conflict with the "Windows Defender Firewall: Allow file a
"," (comma) as the delimiter. Example IPv4 filters:\n2.0.0.1-2.0.0.20, 24.0.0.1-24.0.0.22 Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245
tart, the user will be notified and given the option to delay the restart.) On Windows 8 and later, you can set updates to install during auto
s Update Agent to download files from an alternative download server instead of the intranet update service. The option to download file

ated permissions to do either of these tasks. On Windows 8 and Windows RT: This policy setting has no effect. Users will always see an Ac

red, then the Software Notifications policy setting has no effect.

eld. Preview Build enrollment requires a telemetry level setting of 2 or higher and your domain registered on insider.windows.com. For ad
uter Configuration.
h block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; th
sage is between 80 percent and 100 percent of the limit. 0x10 - Usage of this connection is unrestricted up to a certain data limit, which h
ay Control Panel item cannot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prev

ot be hidden in the Desktop context menu by using this setting. To hide the Display Control Panel item and prevent users from modifying th
ck is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults
EFI Memory Attributes Table" option will only enable Virtualization Based Protection of Code Integrity on devices with UEFI firmware supp
s, but users can continue to write to the volume.

DNS resource records when a DHCP lease is granted or renewed.

om" resulting in the query "example.microsoft.com," before sending the query to a DNS server. If a DNS suffix search list is not specified, th
ttaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server. If a DN
hen this option is selected, errors are stored in a queue directory, and the next administrator to log on to the computer can send the error

ult application reporting settings policy setting takes precedence. Also see the ""Default Application Reporting"" and ""Application Exclusio
figured with the Services snap-in to the Microsoft Management Console.
rsonalization" policy setting. Note: The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 M
rsonalization" policy setting. Note: The amount of stored ink is limited to 50 MB and the amount of text information to approximately 5 M

GATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000) PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_


GATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000) PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_

licy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs synchronously, it downlo
olicy setting, the Group Policy client will not cache applicable GPOs or settings that are contained within the GPOs. When Group Policy runs
likely that client requests overlap. However, updates might be delayed significantly. This setting establishes the update rate for computer G
re establishing policy for a domain, site, organizational unit (OU), or customized group. If you are establishing policy for a local computer on
s might be delayed significantly. Important: If the "Turn off background refresh of Group Policy" setting is enabled, this setting is ignored.

g trace file is created.

ng trace file is created.

ace file is created.

ng trace file is created.

planning trace file is created.

reference items in this extension, no planning trace file is created.

on, no planning trace file is created.

no planning trace file is created.

planning trace file is created.


on, no planning trace file is created.

no planning trace file is created.

le is created.

ace file is created.

the local computer can be specified in this policy setting. You cannot use this policy setting to enable the "Shortcut" and "WinHelp" comm
licies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.cont
licies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.cont
ements For the options "Always provide claims" and "Fail unarmored authentication requests", when the domain functional level is set to
cation for all shared folders. With this option, BranchCache generates content information for all content in all shares on the file server. - A
with the value of 3.

nored during Group Policy processing at computer startup and Group Policy processing will be synchronous (these servers wait for the netw
ervice is stopped or disabled, system file recovery will not be attempted. The DPS can be configured with the Services snap-in to the Micro
DNS name to which this computer is joined, in the Active Directory forest.

10Kpwd SRV _kpasswd._tcp.<DnsDomainName> Rfc1510UdpKpwd SRV _kpasswd._udp.<DnsDomainName> If you disable this poli

hine at every 12 hour interval. If you do not configure this policy setting, Force Rediscovery will be used by default for the machine at ever

e Install and Uninstall buttons for connections are blocked. Note: Nonadministrators are already prohibited from adding and removing con

button, and then click the Advanced button. Note: Changing this setting from Enabled to Not Configured does not enable the Advanced b

nections folder to create or delete a LAN connection. Note: This setting does not prevent users from using other programs, such as Internet
lity to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access conn

CP/IP properties. Properties for all other components are unavailable to these users. Note: Nonadministrators are already prohibited from

do not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use th
using other programs, such as Internet Explorer, to bypass this setting.
h as Internet Explorer, to bypass this setting.

ypass this setting.

LAN connection," "Ability to change properties of an all user remote access connection," or "Prohibit changing properties of a private remo
will use the default latency value of 35 milliseconds when transitioning a folder to the slow-link mode. To avoid extra charges on cell phone
drive other than the system drive, the limit is automatically adjusted downward to 100 percent of the size of the drive. If you enable this s

not configured, the protocol will revert to using a public registry key to determine the seed server to bootstrap from.
h Background Intelligent Transfer Service (BITS) 4.0 installed.
ent computer cache setting of five percent of the total disk space on the client computer. In circumstances where this setting is enabled, yo
isabled. With this selection, BranchCache hosted cache mode is turned off for all client computers where the policy is applied. In circumsta
y is applied. * This policy setting is supported on computers that are running Windows Vista Business, Enterprise, and Ultimate editions wi
n Group Policy, the BranchCache latency setting that you specify in the policy is turned on for all domain member client computers to which
r more hosted cache servers are found, the client computer self-configures for hosted cache mode only. If the policy setting "Set BranchCa
ms rather than later versions of BranchCache. - Windows 8. If you select this version, Windows 8 will run the version of BranchCache that is
election, BranchCache settings are not applied to client computers by this policy setting. - Enabled. With this selection, the policy setting is
g is enabled, you can also select and configure the following option: - Specify the age in days for which segments in the data cache are valid
client print driver does not match the server print driver (mismatched connection), the client will always process the print job, regardless o

n to any server using Point and Print. -Windows Vista computers will not show a warning or an elevated command prompt when an existin
n to any server using Point and Print. -Windows Vista computers will not show a warning or an elevated command prompt when an existin
ubprn.vbs. It does not apply to printers published by using Printers in Control Panel. Tip: If you disable automatic pruning, remember to de
only method supported. If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistanc
ption must contain: Port 135:TCP %WINDIR%\System32\msra.exe %WINDIR%\System32\raserver.exe Windows XP with Service Pack 2 (SP

d error information for all processes. Note: For information about the Extended Error Information Exception field, see the Windows Softwa

enticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. E
you must use a debugging tool. Note: This policy setting will not be applied until the system is rebooted.
utdown)\Shutdown
policy setting set in Computer Configuration takes precedence over the setting set in User Configuration.
policy setting set in Computer Configuration takes precedence over the setting set in User Configuration.
computers do not require a reboot for this policy setting to take effect.
his policy also does not hide Tasks that the application has provided for their Jump List. This setting does not hide document shortcuts disp
e this policy and choose to “Medium-High” from the drop-down box, password security is set to “Medium-High.” At this setting, when user
e this policy and choose to “Medium-High” from the drop-down box, password security is set to “Medium-High.” At this setting, when user

ab in Input Panel Options.


ab in Input Panel Options.
mportant FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and

er" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users d
ill be made through that RD Gateway server.

nt If the client does not support at least 16 bits, the connection is terminated.

ession Host WMI Provider.

otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) Note: This
otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) Note: This

Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. 2. To configure a mandatory

tting is ignored and the fallback printer driver is disabled.


user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-ham
authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLo
hen the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. T
value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Enc
ed values will be deleted.
ed values will be deleted.

ent computer sets the file share permissions for the roaming profile at creation time. Note: The behavior when this policy setting is enable

g is enabled, this policy setting is ignored. Also, if the "Delete cached copies of roaming profiles" policy setting is enabled, there is no local c

tries specified in this policy setting if there are many user profiles stored in the computer's memory. This indicates that the system has not

ed on. Regular profiles are not affected. If this setting is disabled or not configured, the registry file for a roaming user profile will not be up

ocker setup. Backup is not automatically retried and the recovery password may not have been stored in AD DS during BitLocker setup. If y
data encrypted by BitLocker to prevent data loss due to lack of key information. If you do not allow both user recovery options you must en
minimum length for the password, enter the desired number of characters in the "Minimum password length" box. If you disable or do no

BitLocker-protected drive is mounted on another BitLocker-enabled computer the identification field and allowed identification field will b

ering data from a drive that has been physically corrupted. If you select "Backup recovery password only," only the recovery password is st

o require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde ins

the PCR settings described for computers that use a standard BIOS. Warning: Changing from the default platform validation profile affects
fault platform validation profile secures the encryption key against changes to the Core Root of Trust of Measurement (CRTM), BIOS, and Pl
m 0 to 23. The default platform validation profile secures the encryption key against changes to the core system firmware executable code (

encryption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disa

upted. If you select "Backup recovery password only," only the recovery password is stored in AD DS. Select the "Do not enable BitLocker u
. Passwords must be at least 8 characters. To configure a greater minimum length for the password, enter the desired number of character

, Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Reader installed. If this policy setting is

tion algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disable the
is stored in AD DS. Select the "Do not enable BitLocker until recovery information is stored in AD DS for removable data drives" check box

ast 8 characters. To configure a greater minimum length for the password, enter the desired number of characters in the "Minimum passw

ters running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2 that do not have BitLocker To Go Read

ncryption algorithms that BitLocker can use with hardware encryption. If the algorithm set for the drive is not available, BitLocker will disab
ction If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time differe
utes This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attem

figured, the policy setting is configurable on the local computer. When the policy setting is applied with Group Policy, it is not configurable
Basic membership is no longer available, so setting the value to 1 or 2 enrolls the device into Advanced membership.
y setting, the specified Internet sites will appear in the "Search again" links and the Start menu links. If you disable or do not configure this
s. Search Connector/Library links take precedence over Internet/intranet search links. If you enable this policy setting, the specified Librar
Firewall: Allow local program exceptions" policy setting. If you do not configure this policy setting, Windows Defender Firewall uses only th

ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow
on exception," and "Windows Defender Firewall: Define inbound port exceptions." Note: Other Windows Defender Firewall policy settings

settings can continue to open or block ports. Note: If you type an invalid definition string, Windows Defender Firewall adds it to the list wit

ws Defender Firewall: Allow file and printer sharing exception" policy setting. Note: Malicious users often attempt to attack networks and c

Firewall: Allow local program exceptions" policy setting. If you do not configure this policy setting, Windows Defender Firewall uses only th

ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow
on exception," and "Windows Defender Firewall: Define inbound port exceptions." Note: Other Windows Defender Firewall policy settings

settings can continue to open or block ports. Note: If you type an invalid definition string, Windows Defender Firewall adds it to the list wit

ws Defender Firewall: Allow file and printer sharing exception" policy setting. Note: Malicious users often attempt to attack networks and c
ers:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FEDA:1245:BA98:3210:4562
set updates to install during automatic maintenance instead of a specific schedule. Automatic maintenance will install updates when the co
ce. The option to download files with missing Urls allows content to be downloaded from the Alternate Download Server when there are n

ffect. Users will always see an Account Control window and require elevated permissions to do either of these tasks. If you disable this poli

on insider.windows.com. For additional information on Preview Builds, see: https://aka.ms/wipforbiz When Selecting Current Branch or C
nto the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth o
p to a certain data limit, which has been exceeded. Surcharge applied or unknown. 0x20 - Usage of this connection is unrestricted up to a c
play Control Panel item and prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting ins

prevent users from modifying the computer's display settings use the "Disable Display Control Panel" setting instead. Note: To hide pages i
e against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries this may mean that object
devices with UEFI firmware support for the Memory Attributes Table. Devices without the UEFI Memory Attributes Table may have firmwar
ffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-spec
e query to a DNS server. If a DNS suffix search list is not specified, the DNS client attaches the primary DNS suffix to a single-label name. If
he computer can send the error reports to Microsoft. - ""Corporate file path"": Type a UNC path to enable Corporate Error Reporting. All e

ting"" and ""Application Exclusion List"" policies. This setting will be ignored if the 'Configure Error Reporting' setting is disabled or not con
formation to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more rec
formation to approximately 5 MB. When these limits are reached and new data is collected, old data is deleted to make room for more rec

CY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000) The bottom-up randomization policy, which includes stack randomization options, cau
CY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000) The bottom-up randomization policy, which includes stack randomization options, cau

cy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estimates to determine slow link
e GPOs. When Group Policy runs synchronously, it downloads the latest version of the policy from the network and uses bandwidth estima
es the update rate for computer Group Policy. To set an update rate for user policies, use the "Set Group Policy refresh interval for users" se
ng policy for a local computer only, the system ignores this setting.
enabled, this setting is ignored. Note: This setting establishes the update rate for user Group Policies. To set an update rate for computer G
"Shortcut" and "WinHelp" commands for .chm files that are stored on mapped drives or accessed using UNC paths. For additional options,
ple, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and
ple, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and
domain functional level is set to Windows Server 2008 R2 or earlier then domain controllers behave as if the "Supported" option is selecte
n all shares on the file server. - Allow hash publication only for shared folders on which BranchCache is enabled. With this option, content i

(these servers wait for the network to be initialized during computer startup). If the server is configured as follows, this policy setting take
he Services snap-in to the Microsoft Management Console.
inName> If you disable this policy setting, DCs configured to perform dynamic registration of DC Locator DNS records register all DC Locato

default for the machine at every 12 hour interval, unless the local machine setting in the registry is a different value.

d from adding and removing connection components, regardless of this setting.

does not enable the Advanced button until the user logs off.

other programs, such as Internet Explorer, to bypass this setting.


ming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewin

ors are already prohibited from accessing properties of components for a LAN connection, regardless of this setting.

n is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by d

ging properties of a private remote access connection" settings are set to deny access to the Connection Properties dialog box, the Advanc
void extra charges on cell phone or broadband plans, it may be necessary to configure the latency threshold to be lower than the round-trip
of the drive. If you enable this setting and specify a total size limit less than the amount of space currently used by the Offline Files cache,

strap from.
where this setting is enabled, you can also select and configure the following option: - Specify the percentage of total disk space allocated
he policy is applied. In circumstances where this setting is enabled, you can also select and configure the following option: - Type the nam
erprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installed.
ember client computers to which the policy is applied. - Disabled. With this selection, BranchCache client computers use the default latenc
the policy setting "Set BranchCache Hosted Cache Mode" is applied, the client computer does not perform automatic hosted cache discove
e version of BranchCache that is included in the operating system.
his selection, the policy setting is applied to client computers, which are configured as hosted cache mode clients that use the hosted cache
ments in the data cache are valid.
ocess the print job, regardless of the setting of this policy.

mmand prompt when an existing printer connection driver needs to be updated. -Windows Server 2003 and Windows XP client computer
mmand prompt when an existing printer connection driver needs to be updated. -Windows Server 2003 and Windows XP client computer
omatic pruning, remember to delete printer objects manually whenever you remove a printer or print server.
tions to allow Remote Assistance communications.
ndows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth

on field, see the Windows Software Development Kit (SDK). Note: Extended error information is formatted to be compatible with other ope

ch the policy setting is applied. Exemptions are granted to interfaces that have requested them. -- "Authenticated without exceptions" allo
ot hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. Note: It is a requirem
High.” At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed,
High.” At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is allowed,
hms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local

r using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used b
user logon" setting.) Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, th
user logon" setting.) Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, th

on. 2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host se
hat depend on the TPM anti-hammering logic. Choose the operating system managed TPM authentication setting of "None" for compatibi
and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out
like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufactu
features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM m
when this policy setting is enabled is exactly the same behavior as in Windows 2000 Professional pre-SP4 and Windows XP Professional.

ng is enabled, there is no local copy of the roaming profile to load when the system detects a slow connection.

dicates that the system has not been able to unload the profile. Also, check the Application Log in Event Viewer for events generated by U

oaming user profile will not be uploaded in the background while the user is logged on.

D DS during BitLocker setup. If you disable or do not configure this policy setting, BitLocker recovery information is not backed up to AD DS
ser recovery options you must enable the "Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008
gth" box. If you disable or do not configure this policy setting, the default length constraint of 8 characters will apply to operating system d

allowed identification field will be used to determine whether the drive is from an outside organization. If you disable or do not configure

only the recovery password is stored in AD DS. Select the "Do not enable BitLocker until recovery information is stored in AD DS for operati

mmand-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard.

latform validation profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicio
asurement (CRTM), BIOS, and Platform Extensions (PCR 0), the Option ROM Code (PCR 2), the Master Boot Record (MBR) Code (PCR 4), the
tem firmware executable code (PCR 0), extended or pluggable executable code (PCR 2), boot manager (PCR 4), and the BitLocker access co

not available, BitLocker will disable the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID).

ct the "Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box if you want to prevent users fro
the desired number of characters in the "Minimum password length" box. If you disable this policy setting, the user is not allowed to use a

nstalled. If this policy setting is disabled, fixed data drives formatted with the FAT file system that are BitLocker-protected cannot be unloc

ailable, BitLocker will disable the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID). For exa
emovable data drives" check box if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and

aracters in the "Minimum password length" box. If you disable this policy setting, the user is not allowed to use a password. If you do not

o not have BitLocker To Go Reader installed. If this policy setting is disabled, removable data drives formatted with the FAT file system that

not available, BitLocker will disable the use of hardware-based encryption. Encryption algorithms are specified by object identifiers (OID). F
ocal clock) that has a time difference that is greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800
NS name when a previous attempt failed. The default value is 15 minutes. ResolvePeerBackoffMaxTimes This value controls how many tim

oup Policy, it is not configurable locally. With the policy setting value of Not Configured, new automatic connection attempts are not made,
u disable or do not configure this policy setting, no custom Internet search sites will be added to the "Search again" links or the Start menu
olicy setting, the specified Libraries or Search Connectors will appear in the "Search again" links and the Start menu links. If you disable or
ws Defender Firewall uses only the local program exceptions list that administrators define by using the Windows Defender Firewall compo

ndows Defender Firewall: Allow inbound file and printer sharing exception," "Windows Defender Firewall: Allow inbound remote administr
Defender Firewall policy settings affect only incoming messages, but several of the options of the "Windows Defender Firewall: Allow ICMP

der Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entries for the same port with

attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical progr

ws Defender Firewall uses only the local program exceptions list that administrators define by using the Windows Defender Firewall compo

ndows Defender Firewall: Allow inbound file and printer sharing exception," "Windows Defender Firewall: Allow inbound remote administr
Defender Firewall policy settings affect only incoming messages, but several of the options of the "Windows Defender Firewall: Allow ICMP

der Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entries for the same port with

attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical progr
e will install updates when the computer is not in use, and avoid doing so when the computer is running on battery power. If automatic mai
ownload Server when there are no download Urls for files in the update metadata. This option should only be used when the intranet upda

ese tasks. If you disable this policy setting, then only administrative users will receive update notifications. Note: On Windows 8 and Wind

en Selecting Current Branch or Current Branch for Business: - You can defer receiving Feature Updates for up to 365 days. - To prevent Fea
on failures over low bandwidth or unreliable connections.
nnection is unrestricted up to a certain data limit, which has been exceeded. No surcharge applies, but speeds are likely reduced. 0x40 - Th
Display Control Panel" setting instead. Note: To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Comp

ng instead. Note: To hide pages in the System Settings app, use the "Settings Page Visibility" setting under Computer Configuration.
ntries this may mean that object activations that would have previously succeeded for such specified users, once the DCOM server process
ttributes Table may have firmware that is incompatible with Virtualization Based Protection of Code Integrity which in some cases can lead t
query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the pr
S suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are
Corporate Error Reporting. All errors are stored at the specified location instead of being sent directly to Microsoft, and the next administr

ting' setting is disabled or not configured.


eted to make room for more recent data. Note: Handwriting personalization works only for Microsoft handwriting recognizers, and not wit
eted to make room for more recent data. Note: Handwriting personalization works only for Microsoft handwriting recognizers, and not wit

tack randomization options, causes a random location to be used as the lowest user address. For instance, to enable PROCESS_CREATION_
tack randomization options, causes a random location to be used as the lowest user address. For instance, to enable PROCESS_CREATION_

estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting to configure asynchronou
work and uses bandwidth estimates to determine slow link thresholds. (See the “Configure Group Policy Slow Link Detection” policy setting
licy refresh interval for users" setting (located in User Configuration\Administrative Templates\System\Group Policy). This setting is only us

t an update rate for computer Group Policies, use the "Group Policy refresh interval for computers" setting (located in Computer Configura
NC paths. For additional options, see the "Restrict these programs from being launched from Help" policy.
setting by Internet Explorer, and would therefore be in conflict. Value - A number indicating the zone with which this site should be associ
setting by Internet Explorer, and would therefore be in conflict. Value - A number indicating the zone with which this site should be associ
he "Supported" option is selected. When the domain functional level is set to Windows Server 2012 then the domain controller advertises
abled. With this option, content information is generated only for shared folders on which BranchCache is enabled. If you use this setting, y

as follows, this policy setting takes effect during Group Policy processing at user logon: • The server is configured as a terminal server (that
NS records register all DC Locator DNS resource records. If you do not configure this policy setting, DCs use their local configuration.

rent value.
dvanced menu", "Prohibit viewing of status for an active connection". When this setting is enabled, settings that exist in both Windows 200

is setting.

nnection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. In addition, remote access con

roperties dialog box, the Advanced tab for the connection is blocked. Note: Nonadministrators are already prohibited from configuring Inte
d to be lower than the round-trip network latency. In Windows Vista or Windows Server 2008, once transitioned to slow-link mode, users w
y used by the Offline Files cache, the total size limit is automatically adjusted upward to the amount of space currently used by offline files.
tage of total disk space allocated for the cache. Specifies an integer that is the percentage of total client computer disk space to use for the
ollowing option: - Type the name of the hosted cache server. Specifies the computer name of the hosted cache server. Because the hosted

computers use the default latency setting of 80 milliseconds. In circumstances where this policy setting is enabled, you can also select and
m automatic hosted cache discovery. This is also true in cases where the policy setting "Configure Hosted Cache Servers" is applied. This pol

clients that use the hosted cache servers that you specify in "Hosted cache servers." - Disabled. With this selection, this policy is not applie
and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print
and Windows XP client computers can create a printer connection to any server using Point and Print. -The "Users can only point and print
rt 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe %WINDIR%\System32

to be compatible with other operating systems and older Microsoft operating systems, but only newer Microsoft operating systems can re

nticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the ma
es" setting. Note: It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting.
efault, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure t
efault, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure t
Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to t

ify in this policy setting is used by default. If you disable or do not configure this policy setting, clients will not use the RD Gateway server a
f both settings are configured, the Computer Configuration setting overrides.
f both settings are configured, the Computer Configuration setting overrides.

motely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" polic
setting of "None" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner aut
and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time w
cked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization
t stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer autho
nd Windows XP Professional.

iewer for events generated by Userenv. The system records an event whenever it tries to unload the registry portion of the user profile. The

mation is not backed up to AD DS. Note: Trusted Platform Module (TPM) initialization might occur during BitLocker setup. Enable the "Turn
n Services (Windows Server 2008 and Windows Vista)" policy setting to prevent a policy error.
will apply to operating system drive passwords and no complexity checks will occur. Note: Passwords cannot be used if FIPS-compliance is

you disable or do not configure this policy setting, the identification field is not required. Note: Identification fields are required for manag

tion is stored in AD DS for operating system drives" check box if you want to prevent users from enabling BitLocker unless the computer is c

platform modifications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCR
t Record (MBR) Code (PCR 4), the NTFS Boot Sector (PCR 8), the NTFS Boot Block (PCR 9), the Boot Manager (PCR 10), and the BitLocker Ac
R 4), and the BitLocker access control (PCR 11). Warning: Changing from the default platform validation profile affects the security and ma

cified by object identifiers (OID). For example: - AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1

x if you want to prevent users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recove
, the user is not allowed to use a password. If you do not configure this policy setting, passwords will be supported with the default setting

ocker-protected cannot be unlocked on computers running Windows Server 2008, Windows Vista, Windows XP with SP3, or Windows XP w

y object identifiers (OID). For example: - AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1.101.3.4
is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. Note: If the "Do not enable BitLocker un

o use a password. If you do not configure this policy setting, passwords will be supported with the default settings, which do not include p

tted with the FAT file system that are BitLocker-protected cannot be unlocked on computers running Windows Server 2008, Windows Vista,

fied by object identifiers (OID). For example: - AES 128 in CBC mode OID: 2.16.840.1.101.3.4.1.2 - AES 256 in CBC mode OID: 2.16.840.1.1
le is discarded. Default: 172,800 seconds. MaxPosPhaseCorrection If a time sample is received that indicates a time in the future (as comp
his value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS nam

nnection attempts are not made, and less preferred connections are disconnected.
h again" links or the Start menu links.
art menu links. If you disable or do not configure this policy setting, no Libraries or Search Connectors will appear in the "Search again" link
ndows Defender Firewall component in Control Panel. Note: If you type an invalid definition string, Windows Defender Firewall adds it to t

Allow inbound remote administration exception," and "Windows Defender Firewall: Define inbound port exceptions."
ws Defender Firewall: Allow ICMP exceptions" policy setting affect outgoing communication.

e entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple entries. If entries have diff

nufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM comm

ndows Defender Firewall component in Control Panel. Note: If you type an invalid definition string, Windows Defender Firewall adds it to t

Allow inbound remote administration exception," and "Windows Defender Firewall: Define inbound port exceptions."
ws Defender Firewall: Allow ICMP exceptions" policy setting affect outgoing communication.

e entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple entries. If entries have diff

nufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM comm
battery power. If automatic maintenance is unable to install updates for 2 days, Windows Update will install updates right away. Users will
be used when the intranet update service does not provide download Urls in the update metadata for files which are present on the altern

Note: On Windows 8 and Windows RT this policy setting is enabled by default. In all prior versions of windows, it is disabled by default. If

up to 365 days. - To prevent Feature Updates from being received on their scheduled time, you can temporarily pause them. The pause wi
eds are likely reduced. 0x40 - The connection is costed on a per-byte basis. 0x80 - The connection is roaming. 0x80000000 - Ignore conge
ge Visibility" setting under Computer Configuration.

Computer Configuration.
, once the DCOM server process was up and running, might now fail instead. The proper action in this situation is to re-configure the DCO
y which in some cases can lead to crashes or data loss or incompatibility with certain plug-in cards. If not setting this option the targeted d
olved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolve
uery. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the prim
Microsoft, and the next administrator to log onto the computer can send the error reports to Microsoft. - ""Replace instances of the word ‘
dwriting recognizers, and not with third-party recognizers.
dwriting recognizers, and not with third-party recognizers.

, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IM


, to enable PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE and PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IM

setting to configure asynchronous foreground behavior.)


ow Link Detection” policy setting to configure asynchronous foreground behavior.)
up Policy). This setting is only used when the "Turn off background refresh of Group Policy" setting is not enabled. Note: Consider notifyin

(located in Computer Configuration\Administrative Templates\System\Group Policy). Tip: Consider notifying users that their policy is upda
which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable or do not co
which this site should be associated for security settings. The Internet Explorer zones described above are 1-4. If you disable or do not co
he domain controller advertises to Kerberos client computers that the domain is capable of claims and compound authentication for Dyna
enabled. If you use this setting, you must enable BranchCache for individual shares in Share and Storage Management on the file server. - D

figured as a terminal server (that is, the Terminal Server role service is installed and configured on the server); and • The “Allow asynchron
e their local configuration.
s that exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators. If you disable this settin

. In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled

prohibited from configuring Internet Connection Sharing, regardless of this setting. Note: Disabling this setting does not prevent Wireless
tioned to slow-link mode, users will continue to operate in slow-link mode until the user clicks the Work Online button on the toolbar in Wi
ce currently used by offline files. The cache is then considered full. If you enable this setting and specify an auto-cached space limit greate
mputer disk space to use for the BranchCache client computer cache. * This policy setting is supported on computers that are running Win
cache server. Because the hosted cache server name is also specified in the certificate enrolled to the hosted cache server, the name that yo

enabled, you can also select and configure the following option: - Type the maximum round trip network latency (milliseconds) after which
che Servers" is applied. This policy setting can only be applied to client computers that are running at least Windows 8. This policy has no

selection, this policy is not applied to client computers. In circumstances where this setting is enabled, you can also select and configure th
"Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later
"Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later
elpctr.exe %WINDIR%\System32\Sessmgr.exe For computers running Windows Server 2003 with Service Pack 1 (SP1) Port 135:TCP %WIN

crosoft operating systems can read and respond to the information. Note: The default policy setting, "Off," is designed for systems where e

o RPC Servers running on the machine on which the policy setting is applied. No exceptions are allowed. Note: This policy setting will not b
o adhere to this setting.
rs will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose “High” from the drop
rs will not be able to configure this setting in the Input Panel Options dialog box. If you enable this policy and choose “High” from the drop
pts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 en

not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is s
he RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote De
rios that require TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications. N
ssively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit
f time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Oth
periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout m
ry portion of the user profile. The system also records an event when it fails to update the files in a user profile.

itLocker setup. Enable the "Turn on TPM backup to Active Directory Domain Services" policy setting in System\Trusted Platform Module Se
not be used if FIPS-compliance is enabled. The "System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing" p

tion fields are required for management of certificate-based data recovery agents on BitLocker-protected drives. BitLocker will only manage

tLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. Note: If the

xclusion (respectively) of the PCRs.


r (PCR 10), and the BitLocker Access Control (PCR 11). Warning: Changing from the default platform validation profile affects the security a
ofile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authorized) is i

56 in CBC mode OID: 2.16.840.1.101.3.4.1.42

d the backup of BitLocker recovery information to AD DS succeeds. Note: If the "Do not enable BitLocker until recovery information is store
upported with the default settings, which do not include password complexity requirements and require only 8 characters. Note: Password

s XP with SP3, or Windows XP with SP2. Bitlockertogo.exe will not be installed. Note: This policy setting does not apply to drives that are fo

BC mode OID: 2.16.840.1.101.3.4.1.42


the "Do not enable BitLocker until recovery information is stored in AD DS for fixed data drives" check box is selected, a recovery password

settings, which do not include password complexity requirements and require only 8 characters. Note: Passwords cannot be used if FIPS-c

ws Server 2008, Windows Vista, Windows XP with SP3, or Windows XP with SP2. Bitlockertogo.exe will not be installed. Note: This policy s

6 in CBC mode OID: 2.16.840.1.101.3.4.1.42


ates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrecti
is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount.
appear in the "Search again" links or the Start menu links.
ws Defender Firewall adds it to the list without checking for errors. This allows you to add programs that you have not installed yet, but be

xceptions."

ultiple entries. If entries have different Status values, any definition with the Status set to "disabled" overrides all definitions with the Status

y require RPC and DCOM communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port 4

ws Defender Firewall adds it to the list without checking for errors. This allows you to add programs that you have not installed yet, but be

xceptions."

ultiple entries. If entries have different Status values, any definition with the Status set to "disabled" overrides all definitions with the Status

y require RPC and DCOM communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port 4
all updates right away. Users will then be notified about an upcoming restart, and that restart will only take place if there is no potential for
s which are present on the alternate download server. Note: If the "Configure Automatic Updates" policy is disabled, then this policy has n

dows, it is disabled by default. If the "Configure Automatic Updates" policy setting is disabled or is not configured, then the Elevate Non-Ad

rarily pause them. The pause will remain in effect for 35 days from the start time provided. - To resume receiving Feature Updates which a
ing. 0x80000000 - Ignore congestion.
uation is to re-configure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be us
etting this option the targeted devices should be tested to ensure compatibility. Warning: All drivers on the system must be compatible wi
DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server. For example, i
ps the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new q
"Replace instances of the word ‘Microsoft’ with"": You can specify text with which to customize your error report dialog boxes. The word "
N_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON, disable PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF,
N_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON, disable PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF,
nabled. Note: Consider notifying users that their policy is updated periodically so that they recognize the signs of a policy update. When G

ng users that their policy is updated periodically so that they recognize the signs of a policy update. When Group Policy is updated, the Wi
1-4. If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
1-4. If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
mpound authentication for Dynamic Access Control and Kerberos armoring, and: - If you set the "Always provide claims" option, always ret
anagement on the file server. - Disallow hash publication on all shared folders. With this option, BranchCache does not generate content in

er); and • The “Allow asynchronous user Group Policy processing when logging on through Terminal Services” policy setting is enabled. Th
strators. If you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrator

rnet Connection Firewall enabled.

etting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running,
nline button on the toolbar in Windows Explorer. Data will only be synchronized to the server if the user manually initiates synchronization
n auto-cached space limit greater than the total size limit, the auto-cached limit is automatically adjusted downward to equal the total size
computers that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS)
ed cache server, the name that you enter here must match the name of the hosted cache server that is specified in the server certificate. H

atency (milliseconds) after which caching begins. Specifies the amount of time, in milliseconds, after which BranchCache client computers b
t Windows 8. This policy has no effect on computers that are running Windows 7 or Windows Vista. If you disable, or do not configure thi

can also select and configure the following option: - Hosted cache servers. To add hosted cache server computer names to this policy setti
and Windows XP SP1 (and later service packs).
and Windows XP SP1 (and later service packs).
Pack 1 (SP1) Port 135:TCP %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe Allow

is designed for systems where extended error information is considered to be sensitive, and it should not be made available remotely. No

Note: This policy setting will not be applied until the system is rebooted.
and choose “High” from the drop-down box, password security is set to “High.” At this setting, when users enter passwords from Input Pane
and choose “High” from the drop-down box, password security is set to “High.” At this setting, when users enter passwords from Input Pane
rocessing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communic

tting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.
ndows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roamin
some TPM-based applications. Note: If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", t
y require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the
art to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout m
tem restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the
em\Trusted Platform Module Services to ensure that TPM information is also backed up.
cryption, hashing, and signing" policy setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Option

rives. BitLocker will only manage and update certificate-based data recovery agents when the identification field is present on a drive and is

to AD DS succeeds. Note: If the "Do not enable BitLocker until recovery information is stored in AD DS for operating system drives" check

tion profile affects the security and manageability of your computer. BitLocker's sensitivity to platform modifications (malicious or authoriz
ons (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs. Specifically, settin

until recovery information is stored in AD DS for fixed data drives" check box is selected, a recovery password is automatically generated. If
nly 8 characters. Note: Passwords cannot be used if FIPS-compliance is enabled. The "System cryptography: Use FIPS-compliant algorithms

es not apply to drives that are formatted with the NTFS file system.

is selected, a recovery password is automatically generated. If you enable this policy setting, you can control the methods available to use

sswords cannot be used if FIPS-compliance is enabled. The "System cryptography: Use FIPS-compliant algorithms for encryption, hashing, a

be installed. Note: This policy setting does not apply to drives that are formatted with the NTFS file system.

er than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds. PhaseCorrectRate This parameter cont
be twice the previous amount. The default value is seven attempts. SpecialPollInterval This NTP client value, expressed in seconds, contro
ou have not installed yet, but be aware that you can accidentally create multiple entries for the same program with conflicting Scope or Sta

des all definitions with the Status set to "enabled," and the port does not receive messages. Therefore, if you set the Status of a port to "dis

ny policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo request messages (the message sent by the Pin

ou have not installed yet, but be aware that you can accidentally create multiple entries for the same program with conflicting Scope or Sta

des all definitions with the Status set to "enabled," and the port does not receive messages. Therefore, if you set the Status of a port to "dis

ny policy setting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo request messages (the message sent by the Pin
place if there is no potential for accidental data loss. Automatic maintenance can be further configured by using Group Policy settings her
s disabled, then this policy has no effect. Note: If the "Alternate Download Server" is not set, it will use the intranet update service by defa

figured, then the Elevate Non-Admin policy setting has no effect.

ceiving Feature Updates which are paused, clear the start date field. To configure Feature Updates you must have a telemetry level setting
but this policy setting may be used in the short-term as an application compatibility deployment aid. DCOM servers added to this exempti
e system must be compatible with this feature or the system may crash. Ensure that this policy setting is only deployed to computers which
y to a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "
el name, and submits this new query to a DNS server. For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non
report dialog boxes. The word ""Microsoft"" is replaced with the specified text. If you do not configure this policy setting, users can chan
TTOM_UP_ASLR_ALWAYS_OFF, and to leave all other options at their default values, specify a value of: ???????????????0???????1??????
TTOM_UP_ASLR_ALWAYS_OFF, and to leave all other options at their default values, specify a value of: ???????????????0???????1??????
signs of a policy update. When Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, r

Group Policy is updated, the Windows desktop is refreshed; it flickers briefly and closes open menus. Also, restrictions imposed by Group P
rovide claims" option, always returns claims for accounts and supports the RFC behavior for advertising the flexible authentication secure t
che does not generate content information for any shares on the computer and does not send content information to client computers that

ces” policy setting is enabled. This policy setting is located under Computer Configuration\Policies\Administrative templates\System\Group
0 will not apply to administrators. Note: This setting is intended to be used in a situation in which the Group Policy object that these settin

nt the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks"
anually initiates synchronization by using Sync Center. In Windows 7, Windows Server 2008 R2, Windows 8 or Windows Server 2012, when
ownward to equal the total size limit. This setting replaces the Default Cache Size setting used by pre-Windows Vista systems.
ntelligent Transfer Service (BITS) 4.0 installed.
cified in the server certificate. Hosted cache clients must trust the server certificate that is issued to the hosted cache server. Ensure that t

BranchCache client computers begin to cache content locally.


u disable, or do not configure this setting, a client will not attempt to discover hosted cache servers by service connection point. Policy con

mputer names to this policy setting, click Enabled, and then click Show. The Show Contents dialog box opens. Click Value, and then type th
pCtr\Binaries\Helpctr.exe Allow Remote Desktop Exception

be made available remotely. Note: This policy setting will not be applied until the system is rebooted.
enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel does not disp
enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is not allowed, and Input Panel does not disp
ncryption level when communications between clients and RD Session Host servers requires the highest level of encryption.

t RD Gateway server.
Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile.
ged from "Full" to "Delegated", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner autho
h clock cycles elapse before the TPM exits the lockout mode. An administrator with the TPM owner password may fully reset the TPM's ha
efore the TPM exits the lockout mode. An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic us
elapse before the TPM exits the lockout mode. An administrator with the TPM owner password may fully reset the TPM's hardware lockou
gs\Local Policies\Security Options specifies whether FIPS-compliance is enabled.

n field is present on a drive and is identical to the value configured on the computer. The identification field can be any value of 260 charact

operating system drives" check box is selected, a recovery password is automatically generated. If you enable this policy setting, you can c

difications (malicious or authorized) is increased or decreased depending upon inclusion or exclusion (respectively) of the PCRs.
y) of the PCRs. Specifically, setting this policy with PCR 7 omitted, will override the "Allow Secure Boot for integrity validation" group policy,

rd is automatically generated. If you enable this policy setting, you can control the methods available to users to recover data from BitLock
: Use FIPS-compliant algorithms for encryption, hashing, and signing" policy setting in Computer Configuration\Windows Settings\Security

rol the methods available to users to recover data from BitLocker-protected removable data drives. If this policy setting is not configured o

rithms for encryption, hashing, and signing" policy setting in Computer Configuration\Windows Settings\Security Settings\Local Policies\Se

CorrectRate This parameter controls how quickly W32time corrects the client computer's local clock difference to match time samples that
ue, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a spec
am with conflicting Scope or Status values. Scope parameters are combined for multiple entries. Note: If you set the Status parameter of a

ou set the Status of a port to "disabled," you can prevent administrators from using the Windows Defender Firewall component in Control P

ges (the message sent by the Ping utility), even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting would block them

am with conflicting Scope or Status values. Scope parameters are combined for multiple entries. Note: If you set the Status parameter of a

ou set the Status of a port to "disabled," you can prevent administrators from using the Windows Defender Firewall component in Control P

ges (the message sent by the Ping utility), even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting would block them
y using Group Policy settings here: Computer Configuration->Administrative Templates->Windows Components->Maintenance Scheduler 5
e intranet update service by default to download updates. Note: The option to "Download files with no Url..." is only used if the "Alternate

st have a telemetry level setting of 1 or higher. If you disable or do not configure this policy, Windows Update will not alter its behavior.
M servers added to this exemption list are only exempted if their custom launch permissions do not contain specific LocalLaunch, RemoteL
nly deployed to computers which are known to be compatible. Credential Guard This setting lets users turn on Credential Guard with virtu
-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primar
osoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails
his policy setting, users can change Windows Error Reporting settings in Control Panel. By default, these settings are Enable Reporting on co
?????????????0???????1???????1 Setting flags not specified here to any value other than ? results in undefined behavior.
?????????????0???????1???????1 Setting flags not specified here to any value other than ? results in undefined behavior.
y and closes open menus. Also, restrictions imposed by Group Policies, such as those that limit the programs users can run, might interfere

restrictions imposed by Group Policies, such as those that limit the programs a user can run, might interfere with tasks in progress.
e flexible authentication secure tunneling (FAST). - If you set the "Fail unarmored authentication requests" option, rejects unarmored Kerb
rmation to client computers that request content.

trative templates\System\Group Policy\. If this configuration is not implemented on the server, this policy setting is ignored. In this case, G
up Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers

the "Don't use hosted networks" check box.


or Windows Server 2012, when operating in slow-link mode Offline Files synchronizes the user's files in the background at regular interval
dows Vista systems.
osted cache server. Ensure that the issuing CA certificate is installed in the Trusted Root Certification Authorities certificate store on all hoste

ce connection point. Policy configuration Select one of the following: - Not Configured. With this selection, BranchCache settings are not

ns. Click Value, and then type the computer names of the hosted cache servers.
d, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel O
d, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to configure this setting in the Input Panel O
of the original TPM owner authorization value will be invalid.
word may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets th
TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lock
reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardw
can be any value of 260 characters or fewer.

able this policy setting, you can control the methods available to users to recover data from BitLocker-protected operating system drives. If

ectively) of the PCRs.


ntegrity validation" group policy, preventing BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity valida

ers to recover data from BitLocker-protected fixed data drives. If this policy setting is not configured or disabled, the default recovery optio
tion\Windows Settings\Security Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.

policy setting is not configured or disabled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed,

ecurity Settings\Local Policies\Security Options specifies whether FIPS-compliance is enabled.

ence to match time samples that are accepted as accurate from the NTP server. Lower values cause the clock to correct more slowly; larger
ource is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value
ou set the Status parameter of a definition string to "disabled," Windows Defender Firewall ignores port requests made by that program an

Firewall component in Control Panel to enable the port. Note: The only effect of setting the Status value to "disabled" is that Windows De

" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow inbound file and

ou set the Status parameter of a definition string to "disabled," Windows Defender Firewall ignores port requests made by that program an

Firewall component in Control Panel to enable the port. Note: The only effect of setting the Status value to "disabled" is that Windows De

" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow inbound file and
nents->Maintenance Scheduler 5 = Allow local administrators to select the configuration mode that Automatic Updates should notify and in
..." is only used if the "Alternate Download Server" is set. Note: This policy is not supported on Windows RT. Setting this policy will not hav

ate will not alter its behavior.


n specific LocalLaunch, RemoteLaunch, LocalActivate, or RemoteActivate grant or deny entries for any users or groups. Also note, exempti
n on Credential Guard with virtualization-based security to help protect credentials. The "Disabled" option turns off Credential Guard remo
e DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.a
mple.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution leve
ttings are Enable Reporting on computers that are running Windows XP, and Report to Queue on computers that are running Windows Serv
ms users can run, might interfere with tasks in progress.

re with tasks in progress.


option, rejects unarmored Kerberos messages. Warning: When "Fail unarmored authentication requests" is set, then client computers wh
setting is ignored. In this case, Group Policy processing at user logon is synchronous (these servers wait for the network to be initialized du
dows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional a
e background at regular intervals, or as configured by the "Configure Background Sync" policy. While in slow-link mode, Windows periodica
rities certificate store on all hosted cache client computers. * This policy setting is supported on computers that are running Windows Vista

n, BranchCache settings are not applied to client computers by this policy setting, and client computers do not perform hosted cache serve
this setting in the Input Panel Options dialog box. If you disable this policy, password security is set to “Medium-High.” At this setting, whe
this setting in the Input Panel Options dialog box. If you disable this policy, password security is set to “Medium-High.” At this setting, whe
h time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing sta
resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the
inistrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to
ected operating system drives. If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker r

ration Data (BCD) integrity validation. Setting this policy may result in BitLocker recovery when firmware is updated. If you set this policy to

abled, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified
e is enabled.

ery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and re

ck to correct more slowly; larger values cause the clock to correct more quickly. Default: 7 (scalar). PollAdjustFactor This parameter contro
setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInte
quests made by that program and ignores other definitions that set the Status of that program to "enabled." Therefore, if you set the Statu

to "disabled" is that Windows Defender Firewall ignores other definitions for that port that set the Status to "enabled." If another policy se

Firewall: Allow inbound file and printer sharing exception," "Windows Defender Firewall: Allow inbound remote administration exception,"

quests made by that program and ignores other definitions that set the Status of that program to "enabled." Therefore, if you set the Statu

to "disabled" is that Windows Defender Firewall ignores other definitions for that port that set the Status to "enabled." If another policy se

Firewall: Allow inbound file and printer sharing exception," "Windows Defender Firewall: Allow inbound remote administration exception,"
atic Updates should notify and install updates. With this option, local administrators will be allowed to use the Windows Update control p
RT. Setting this policy will not have any effect on Windows RT PCs.
rs or groups. Also note, exemptions for DCOM Server Appids added to this list will apply to both 32-bit and 64-bit versions of the server if p
turns off Credential Guard remotely if it was previously turned on with the "Enabled without lock" option. The "Enabled with UEFI lock" o
d submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it is under specified devo
till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved
s that are running Windows Server 2003. If you disable this policy setting, configuration settings in the policy setting are left blank. See rel
is set, then client computers which do not support Kerberos armoring will fail to authenticate to the domain controller. To ensure this feat
r the network to be initialized during user logon). If you disable or do not configure this policy setting and users log on to a client computer
all Windows 2000 Professional and Windows XP Professional computers.
w-link mode, Windows periodically checks the connection to the folder and brings the folder back online if network speeds improve. In W
s that are running Windows Vista Business, Enterprise, and Ultimate editions with Background Intelligent Transfer Service (BITS) 4.0 installe

not perform hosted cache server discovery. - Enabled. With this selection, the policy setting is applied to client computers, which perform
edium-High.” At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is al
edium-High.” At this setting, when users enter passwords from Input Panel they use the on-screen keyboard by default, skin switching is al
failures are ignored; allowing standard users to use the TPM normally again immediately. If this value is not configured, a default value of 4
owing standard users to use the TPM normally again immediately. If this value is not configured, a default value of 4 is used. A value of zer
ored; allowing standard users to use the TPM normally again immediately. If this value is not configured, a default value of 9 is used. A va
ons are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recov

updated. If you set this policy to include PCR 0, suspend BitLocker prior to applying firmware updates.

ecovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up

assword and recovery key, and recovery information is not backed up to AD DS

ustFactor This parameter controls how quickly W32time changes polling intervals. When responses are considered to be accurate, the poll
MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range
d." Therefore, if you set the Status to "disabled," you prevent administrators from allowing the program to ask Windows Defender Firewall

o "enabled." If another policy setting opens a port, or if a program in the program exceptions list asks Windows Defender Firewall to open a

mote administration exception," and "Windows Defender Firewall: Define inbound port exceptions."

d." Therefore, if you set the Status to "disabled," you prevent administrators from allowing the program to ask Windows Defender Firewall

o "enabled." If another policy setting opens a port, or if a program in the program exceptions list asks Windows Defender Firewall to open a

mote administration exception," and "Windows Defender Firewall: Define inbound port exceptions."
e the Windows Update control panel to select a configuration option of their choice. Local administrators will not be allowed to disable the
d 64-bit versions of the server if present.
The "Enabled with UEFI lock" option ensures that Credential Guard cannot be disabled remotely. In order to disable the feature, you mus
ther if it is under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it
he primary DNS suffix is devolved further if it is under specified devolution level and the query example.microsoft.com is submitted. If this q
icy setting are left blank. See related policy settings Display Error Notification (same folder as this policy setting), and Turn off Windows Err
in controller. To ensure this feature is effective, deploy enough domain controllers that support claims and compound authentication for D
users log on to a client computer or a server running Windows Server 2008 or later and that is configured as described earlier, the compute
network speeds improve. In Windows 8 or Windows Server 2012, set the Latency threshold to 1ms to keep users always working offline in
ransfer Service (BITS) 4.0 installed.

client computers, which perform automatic hosted cache server discovery and which are configured as hosted cache mode clients. - Disab
rd by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to confi
rd by default, skin switching is allowed, and Input Panel does not display the cursor or which keys are tapped. Users will not be able to confi
t configured, a default value of 480 minutes (8 hours) is used.
value of 4 is used. A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authoriza
default value of 9 is used. A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an
d by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS.

ery information is not backed up to AD DS

nsidered to be accurate, the polling interval lengthens automatically. When responses are considered to be inaccurate, the polling interval
ollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.
ask Windows Defender Firewall to open additional ports. However, even if the Status is "disabled," the program can still receive unsolicited

dows Defender Firewall to open a port, Windows Defender Firewall opens the port. Note: If any policy setting opens TCP port 445, Window

ask Windows Defender Firewall to open additional ports. However, even if the Status is "disabled," the program can still receive unsolicited

dows Defender Firewall to open a port, Windows Defender Firewall opens the port. Note: If any policy setting opens TCP port 445, Window
will not be allowed to disable the configuration for Automatic Updates. If the status for this policy is set to Disabled, any updates that are av
to disable the feature, you must set the Group Policy to "Disabled" as well as remove the security functionality from each computer, with
y fails, devolution continues if it is under specified devolution level and the query example.microsoft.com is submitted, corresponding to a
crosoft.com is submitted. If this query fails, devolution continues if it is under specified devolution level and the query example.microsoft.c
tting), and Turn off Windows Error Reporting in Computer Configuration/Administrative Templates/System/Internet Communication Mana
d compound authentication for Dynamic Access Control and are Kerberos armor-aware to handle the authentication requests. Insufficient n
s described earlier, the computer typically does not wait for the network to be fully initialized. In this case, users are logged on with cached
ep users always working offline in slow-link mode. If you disable this policy setting, computers will not use the slow-link mode.
ted cache mode clients. - Disabled. With this selection, this policy is not applied to client computers.
ed. Users will not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, password secu
ed. Users will not be able to configure this setting in the Input Panel Options dialog box. If you do not configure this policy, password secu
M which may cause an authorization failure.
to the TPM which may cause an authorization failure.
to AD DS.

e inaccurate, the polling interval shortens automatically. Default: 5 (scalar). SpikeWatchPeriod This parameter specifies the amount of time
picked. Default: 1024 seconds. EventLogFlags This value is a bitmask that controls events that may be logged to the System log in Event V
gram can still receive unsolicited incoming messages through a port if another policy setting opens that port. Note: Windows Defender Fir

tting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), ev

gram can still receive unsolicited incoming messages through a port if another policy setting opens that port. Note: Windows Defender Fir

tting opens TCP port 445, Windows Defender Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), ev
Disabled, any updates that are available on Windows Update must be downloaded and installed manually. To do this, search for Windows U
nality from each computer, with a physically present user, in order to clear configuration persisted in UEFI. The "Enabled without lock" opti
s submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved beyond a devolution level of two. The
d the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix cannot be devolved be
/Internet Communication Management/Internet Communication settings.
ntication requests. Insufficient number of domain controllers that support this policy result in authentication failures whenever Dynamic A
users are logged on with cached credentials. Group Policy is applied asynchronously in the background. Notes: -If you want to guarantee
the slow-link mode.
figure this policy, password security is set to “Medium-High” by default. At this setting, when users enter passwords from Input Panel they
figure this policy, password security is set to “Medium-High” by default. At this setting, when users enter passwords from Input Panel they
eter specifies the amount of time that samples with time offset larger than LargePhaseOffset are received before these samples are accepte
ged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detect
rt. Note: Windows Defender Firewall opens ports for the program only when the program is running and "listening" for incoming message

ssage sent by the Ping utility), even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting would block them. Policy setti

rt. Note: Windows Defender Firewall opens ports for the program only when the program is running and "listening" for incoming message

ssage sent by the Ping utility), even if the "Windows Defender Firewall: Allow ICMP exceptions" policy setting would block them. Policy setti
To do this, search for Windows Update using Start. If the status is set to Not Configured, use of Automatic Updates is not specified at the G
The "Enabled without lock" option allows Credential Guard to be disabled remotely by using Group Policy. The devices that use this setting
nd a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The defaul
DNS suffix cannot be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The defau
on failures whenever Dynamic Access Control or Kerberos armoring is required (that is, the "Supported" option is enabled). Impact on dom
Notes: -If you want to guarantee the application of Folder Redirection, Software Installation, or roaming user profile settings in just one logo
asswords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the curs
asswords from Input Panel they use the on-screen keyboard by default, skin switching is allowed, and Input Panel does not display the curs
before these samples are accepted as accurate. SpikeWatchPeriod is used in conjunction with HoldPeriod to help eliminate sporadic, inaccu
whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is
listening" for incoming messages. If the program is not running, or is running but not listening for those messages, Windows Defender Fire

ng would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow inbound file and printer sharin

listening" for incoming messages. If the program is not running, or is running but not listening for those messages, Windows Defender Fire

ng would block them. Policy settings that can open TCP port 445 include "Windows Defender Firewall: Allow inbound file and printer sharin
Updates is not specified at the Group Policy level. However, an administrator can still configure Automatic Updates through Control Panel.
The devices that use this setting must be running at least Windows 10 (Version 1511). The "Not Configured" option leaves the policy settin
n level policy setting. The default devolution level is two. If you enable this policy setting, or if you do not configure this policy setting, DNS
ng this policy setting. The default devolution level is two. If you enable this policy setting and DNS devolution is also enabled, DNS clients
ption is enabled). Impact on domain controller performance when this policy setting is enabled: - Secure Kerberos domain capability disco
er profile settings in just one logon, enable this policy setting to ensure that Windows waits for the network to be available before applying
t Panel does not display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Pane
t Panel does not display the cursor or which keys are tapped. Users will be able to configure this setting on the Advanced tab in Input Pane
o help eliminate sporadic, inaccurate time samples that are returned from a peer. Default: 900 seconds. UpdateInterval This parameter sp
henever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jum
essages, Windows Defender Firewall does not open its ports.

w inbound file and printer sharing exception," "Windows Defender Firewall: Allow inbound remote administration exception," and "Windo

essages, Windows Defender Firewall does not open its ports.

w inbound file and printer sharing exception," "Windows Defender Firewall: Allow inbound remote administration exception," and "Windo
Updates through Control Panel.
d" option leaves the policy setting undefined. Group Policy does not write the policy setting to the registry, and so it has no impact on com
configure this policy setting, DNS clients attempt to resolve single-label names using concatenations of the single-label name to be resolved
tion is also enabled, DNS clients use the DNS devolution level that you specify. If this policy setting is disabled, or if this policy setting is not
Kerberos domain capability discovery is required resulting in additional message exchanges. - Claims and compound authentication for Dyn
k to be available before applying policy. -If Folder Redirection policy will apply during the next logon, security policies will be applied async
the Advanced tab in Input Panel Options in Windows 7 and Windows Vista. Caution: If you lower password security settings, people who
the Advanced tab in Input Panel Options in Windows 7 and Windows Vista. Caution: If you lower password security settings, people who
pdateInterval This parameter specifies the amount of time that W32time waits between corrections when the clock is being corrected grad
0x2) indicates that both time jumps and time source changes will be logged.
stration exception," and "Windows Defender Firewall: Define inbound port exceptions."

stration exception," and "Windows Defender Firewall: Define inbound port exceptions."
, and so it has no impact on computers or users. If there is a current setting in the registry it will not be modified.
single-label name to be resolved and the devolved primary DNS suffix. If you disable this policy setting, DNS clients do not attempt to reso
led, or if this policy setting is not configured, DNS clients use the default devolution level of two provided that DNS devolution is enabled.
ompound authentication for Dynamic Access Control increases the size and complexity of the data in the message which results in more pr
ity policies will be applied asynchronously during the next update cycle, if network connectivity is available.
d security settings, people who can see the user’s screen might be able to see their passwords.
d security settings, people who can see the user’s screen might be able to see their passwords.
NS clients do not attempt to resolve names that are concatenations of the single-label name to be resolved and the devolved primary DNS s
hat DNS devolution is enabled.
message which results in more processing time and greater Kerberos service ticket size. - Kerberos armoring fully encrypts Kerberos messag
and the devolved primary DNS suffix.
g fully encrypts Kerberos messages and signs Kerberos errors which results in increased processing time, but does not change the service ti
ut does not change the service ticket size.
Status Policy Path
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
Computer Configuration\Windows Settings\Security Settings\System Services
Computer Configuration\Windows Settings\Security Settings\Registry
Computer Configuration\Windows Settings\Security Settings\File System
Policy Name
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Password must meet complexity requirement
Store passwords using reversible encryption for all users in the domain
Account lockout duration
Account lockout threshold
Reset lockout counter after
Enforce user logon restrictions
Maximum lifetime for service ticket
Maximum lifetime for user ticket
Maximum lifetime for user ticket renewal
Maximum tolerance for computer clock synchronization
Audit account logon events
Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events
Access this computer from the network
Access Credential Manager as a trusted caller
Act as part of the operating system
Add workstations to a domain
Adjust memory quotas for a process
Allow log on locally
Allow log on through Remote Desktop Services
Backup files and directories
Bypass traverse checking
Change the system time
Change the time zone
Create a pagefile
Create a token object
Create global objects
Create permanent shared objects
Create Symbolic Links
Debug programs
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Remote Desktop Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system
Generate security audits
Impersonate a client after authentication
Increase a process working set
Increase scheduling priority
Load and unload device drivers
Lock pages in memory
Log on as a batch job
Log on as a service
Log on locally
Manage auditing and security log
Modify an object label
Modify firmware environment values
Perform volume maintenance tasks
Profile single process
Profile system performance
Remove computer from docking station
Replace a process level token
Restore files and directories
Shut down the system
Synchronize directory service data
Take ownership of files or other objects
Accounts: Administrator account status
Accounts: Block Microsoft accounts
Accounts: Guest account status
Accounts: Limit local account use of blank passwords to console logon only
Accounts: Rename administrator account
Accounts: Rename guest account
Audit: Audit the accesss of global system objects
Audit: Audit the use of Backup and Restore privilege
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
Audit: Shut down system immediately if unable to log security audits
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
Devices: Allow undock without having to log on
Devices: Allowed to format and eject removable media
Devices: Prevent users from installing printer drivers
Devices: Restrict CD-ROM access to locally logged-on user only
Devices: Restrict floppy access to locally logged-on user only
Domain controller: Allow server operators to schedule tasks
Domain controller: LDAP server signing requirements
Domain controller: Refuse machine account password changes
Domain member: Digitally encrypt or sign secure channel data (always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Disable machine account password changes
Domain member: Maximum machine account password age
Domain member: Require strong (Windows 2000 or later) session key
Interactive Logon: Display user information when session is locked
Interactive logon: Do not require CTRL+ALT+DEL
Interactive logon: Don't display last signed-in
Interactive logon: Don't display username at sign-in
Interactive logon: Machine account lockout threshold
Interactive logon: Machine inactivity limit
Interactive logon: Message text for users attempting to logon
Interactive logon: Message title for users attempting to logon
Interactive logon: Number of previous logons to cache (in case domain controller is not available)
Interactive logon: Prompt user to change password before expiration
Interactive logon: Require Domain Controller authentication to unlock workstation
Interactive logon: Require smart card
Interactive logon: Smart card removal behavior
Microsoft network client: Digitally sign communications (always)
Microsoft network client: Digitally sign communications (if server agrees)
Microsoft network client: Send unencrypted password to third-party SMB servers
Microsoft network server: Amount of idle time required before suspending session
Microsoft network server: Attempt S4U2Self to obtain claim information
Microsoft network server: Digitally sign communications (always)
Microsoft network server: Digitally sign communications (if client agrees)
Microsoft network server: Disconnect clients when logon hours expire
Microsoft network server: Server SPN target name validation level
Network access: Allow anonymous SID/Name translation
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
Network access: Do not allow storage of passwords and credentials for network authentication
Network access: Let Everyone permissions apply to anonymous users
Network access: Named Pipes that can be accessed anonymously
Network access: Remotely accessible registry paths
Network access: Remotely accessible registry paths and sub-paths
Network access: Restrict anonymous access to Named Pipes and Shares
Network access: Shares that can be accessed anonymously
Network access: Sharing and security model for local accounts
Network security: Do not store LAN Manager hash value on next password change
Network security: Force logoff when logon hours expire
Network security: LAN Manager authentication level
Network security: LDAP client signing requirements
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
Network security: Restrict NTLM: Incoming NTLM traffic
Network security: Restrict NTLM: Audit Incoming NTLM Traffic
Network security: Restrict NTLM: NTLM authentication in this domain
Network security: Restrict NTLM: Audit NTLM authentication in this domain
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
Network security: Restrict NTLM: Add server exceptions in this domain
Network security: Allow LocalSystem NULL session fallback
Network security: Allow Local System to use computer identity for NTLM
Network security: Allow PKU2U authentication requests to this computer to use online identities.
Network security: Configure encryption types allowed for Kerberos
Recovery console: Allow automatic administrative logon
Recovery console: Allow floppy copy and access to all drives and all folders
Shutdown: Allow system to be shut down without having to log on
Shutdown: Clear virtual memory pagefile
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
System cryptography: Force strong key protection for user keys stored on the computer
System objects: Default owner for objects created by members of the Administrators group
System objects: Require case insensitivity for non-Windows subsystems
System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)
System settings: Optional subsystems
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
User Account Control: Admin Approval Mode for the Built-in Administrator account
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
User Account Control: Behavior of the elevation prompt for standard users
User Account Control: Detect application installations and prompt for elevation
User Account Control: Only elevate executables that are signed and validated
User Account Control: Only elevate UIAccess applications that are installed in secure locations
User Account Control: Run all administrators in Admin Approval Mode
User Account Control: Switch to the secure desktop when prompting for elevation
User Account Control: Virtualize file and registry write failures to per-user locations
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
Maximum application log size
Maximum security log size
Maximum system log size
Prevent local guests group from accessing application log
Prevent local guests group from accessing security log
Prevent local guests group from accessing system log
Retain application log
Retain security log
Retain system log
Retention method for application log
Retention method for security log
Retention method for system log
Restricted Groups
System Services
Registry
File System
Supported On
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows Vista, Windows Server 2008
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows Vista, Windows Server 2008
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows Vista, Windows Server 2008
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows Vista, Windows Server 2008
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
Only Windows XP SP2
At least Windows XP SP2, Windows Server 2003
At least Windows Vista, Windows Server 2008
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
Windows XP SP2, Windows Server 2003
Windows 8, Windows Server 2012
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows Vista, Windows Server 2008
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows Vista, Windows Server 2008
At least Windows XP SP2, Windows Server 2003
At least Windows 10
At least Windows 10
Windows 8, Windows Server 2012
Windows 8, Windows Server 2012
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
Windows 8, Windows Server 2012
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows 7, Windows Server 2008 R2
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows 7, Windows Server 2008 R2
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
At least Windows XP SP2, Windows Server 2003
Windows XP SP2, Windows Server 2003
At least Windows Vista, Windows Server 2003
At least Windows Vista, Windows Server 2003
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
At least Windows Vista, Windows Server 2008
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Only Windows XP SP2, Windows Server 2003
Registry Settings
Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Password Policy security settings are not registry keys.
Account Lockout Policy security settings are not registry keys.
Account Lockout Policy security settings are not registry keys.
Account Lockout Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
User Rights security settings are not registry keys
Not a registry key
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing
MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
MACHINE\SOFTWARE\policies\Microsoft\windows NT\DCOM\MachineAccessRestriction
MACHINE\SOFTWARE\policies\Microsoft\windows NT\DCOM\MachineLaunchRestriction
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinte
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey
Machine\Software\Microsoft\Windows\CurrentVersion\Policies\System, value=DontDisplayLockedUser
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
Not a registry key
Not a registry key
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignat
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignat
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPass
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect
Not a registry key
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\SmbServerNameHardening
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictReceivingNTLMTraffic
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RestrictNTLMInDomain
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAllowedNTLMServers
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DCAllowedNTLMServers
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\allownullsessionfallback
MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId
MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnlineID
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\Suppor
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFile
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy
MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner
MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode
MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Event Log security settings are not registry keys.
Restricted Groups policy settings are not registry keys.
System Services policy settings are not registry keys.
not a registry key
File System policy settings are not registry keys.
Help Text
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Password must meet complexity requirements
Store passwords using reversible encryption
Account lockout duration
Account lockout threshold
Reset account lockout counter after
Enforce user logon restrictions
Maximum lifetime for service ticket
Maximum lifetime for user ticket
Maximum lifetime for user ticket renewal
Maximum tolerance for computer clock synchronization
Audit account logon events
Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events
Access this computer from the network

This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved cre
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process
Allow log on locally
Allow log on through Remote Desktop Services
Back up files and directories
Bypass traverse checking
Change the system time
Change the Time Zone
Create a pagefile
Create a token object
Create global objects
Create permanent shared objects
Create Symbolic Links
Debug programs
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Remote Desktop Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system
Generate security audits
Impersonate a client after authentication
Increase a process working set
Increase scheduling priority
Load and unload device drivers
Lock pages in memory
Log on as a batch job
Log on as a service
Log on locally
Manage auditing and security log
Modify an object label
Modify firmware environment values
Perform volume maintenance tasks
Profile single process
Profile system performance
Remove computer from docking station
Replace a process level token
Restore files and directories
Shut down the system
Synchronize directory service data
Take ownership of files or other objects
Accounts: Administrator account status
Accounts: Block Microsoft accounts
Accounts: Guest account status
Accounts: Limit local account use of blank passwords to console logon only
Accounts: Rename administrator account
Accounts: Rename guest account
Audit: Audit the access of global system objects
Audit: Audit the use of Backup and Restore privilege
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.
Audit: Shut down system immediately if unable to log security audits
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
Devices: Allow undock without having to log on
Devices: Allowed to format and eject removable media
Devices: Prevent users from installing printer drivers when connecting to shared printers
Devices: Restrict CD-ROM access to locally logged-on user only
Devices: Restrict floppy access to locally logged-on user only
Domain controller: Allow server operators to schedule tasks
Domain controller: LDAP server signing requirements
Domain controller: Refuse machine account password changes
Domain member: Digitally encrypt or sign secure channel data (always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Disable machine account password changes
Domain member: Maximum machine account password age
Domain member: Require strong (Windows 2000 or later) session key
Interactive Logon: Display user information when session is locked
Interactive logon: Do not require CTRL+ALT+DEL
Interactive logon: Don't display last signed in
Interactive logon: Don't display last signed in
Interactive logon: Machine account threshold.
The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes. Please ensure that appropriate recover
Interactive logon: Machine inactivity limit.
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available)
Interactive logon: Prompt user to change password before expiration
Interactive logon: Require Domain Controller authentication to unlock
Interactive logon: Require smart card
Interactive logon: Smart card removal behavior
Microsoft network client: Digitally sign communications (always)
Microsoft network client: Digitally sign communications (if server agrees)
Microsoft network client: Send unencrypted password to connect to third-party SMB servers
Microsoft network server: Amount of idle time required before suspending a session
Microsoft network server: Attempt S4U2Self to obtain claim information
Microsoft network server: Digitally sign communications (always)
Microsoft network server: Digitally sign communications (if client agrees)
Microsoft network server: Disconnect clients when logon hours expire
Microsoft network server: Server SPN target name validation level
Network access: Allow anonymous SID/name translation
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
Network access: Do not allow storage of credentials or .NET Passports for network authentication
Network access: Let Everyone permissions apply to anonymous users
Network access: Named pipes that can be accessed anonymously
Network access: Remotely accessible registry paths
Network access: Remotely accessible registry paths and subpaths
Network access: Restrict anonymous access to Named Pipes and Shares
Network access: Shares that can be accessed anonymously
Network access: Sharing and security model for local accounts
Network security: Do not store LAN Manager hash value on next password change
Network security: Force logoff when logon hours expire
Network security: LAN Manager authentication level
Network security: LDAP client signing requirements
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
Network security: Restrict NTLM: Incoming NTLM traffic
Network security: Restrict NTLM: Audit Incoming NTLM Traffic
Network security: Restrict NTLM: NTLM authentication in this domain
Network security: Restrict NTLM: Audit NTLM authentication in this domain
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
Network security: Restrict NTLM: Add server exceptions in this domain
Network security: Allow LocalSystem NULL session fallback
Network security: Allow Local System to use computer identity for NTLM
Network security: Allow PKU2U authentication requests to this computer to use online identities.
Network security: Configure encryption types allowed for Kerberos
Recovery console: Allow automatic administrative logon
Recovery console: Allow floppy copy and access to all drives and all folders
Shutdown: Allow system to be shut down without having to log on
Shutdown: Clear virtual memory pagefile
System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms
System Cryptography: Force strong key protection for user keys stored on the computer
System objects: Default owner for objects created by members of the Administrators group
Description
System objects: Require case insensitivity for non-Windows subsystems
System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)
System settings: Optional subsystems
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
User Account Control: Admin Approval Mode for the Built-in Administrator account
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
User Account Control: Behavior of the elevation prompt for standard users
This security setting determines the behavior of the elevation prompt for standard users
User Account Control: Detect application installations and prompt for elevation
User Account Control: Only elevate executables that are signed and validated
User Account Control: Only elevate UIAccess applications that are installed in secure locations
User Account Control: Run all users, including administrators, as standard users.
User Account Control: Switch to the secure desktop when prompting for elevation
User Account Control: Virtualizes file and registry write failures to per-user locations
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
Maximum application log size
Maximum security log size
Maximum system log size
Prevent local guests group and ANONYMOUS LOGIN users from accessing application log
Prevent local guests group and ANONYMOUS LOGIN users from accessing security log
Prevent local guests group and ANONYMOUS LOGIN users from accessing system log
Retain application log
Retain security log
Retain system log
Retention method for application log
Retention method for security log
Retention method for system log
Restricted Groups
System Services security settings
Registry security settings
File System security settings
Reboot ReComments
No
No
No
No
No
No
No
No
No
No clients will get the new setting after a maximum of 8 hours but for DCs to assign these new settings a Gpupdate /force is required or waiting for th
No clients will get the new setting after a maximum of 8 hours but for DCs to assign these new settings a Gpupdate /force is required or waiting for th
No clients will get the new setting after a maximum of 8 hours but for DCs to assign these new settings a Gpupdate /force is required or waiting for th
No clients will get the new setting after a maximum of 8 hours but for DCs to assign these new settings a Gpupdate /force is required or waiting for th
No clients will get the new setting after a maximum of 8 hours but for DCs to assign these new settings a Gpupdate /force is required or waiting for th
No
No
No
No
No
No
No
No
No
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Note: In Windows 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server 2003 family, the Task Schedule
No Logoff required
No Note: See also the corresponding Windows Server 2003 Allow log on locally policy setting, earlier in this worksheet.
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No

No
No
No
No
Yes
Yes
No
Yes
No
No
No
No
No For the policy change to take effect, the spooler service needs to be stopped/restarted, but the system does not have to be rebooted.
No
No
Yes Restart of service might be sufficient
No
No
No Important: In order to take advantage of this policy on member workstations and servers, all domain controllers that constitute the member’s dom
In order to take advantage of this policy on doma
No
No
No
No Important: This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these com
No

No
No
No
No
No
No
No
No
No
No Important: This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these co
No Important: This setting will apply to any computers running Windows 2000 through changes in the registry, but the security setting is not viewable
No Only LogOff is required for W2K, XP and W2K3 computers. In Vista, start/restart the scpolicysvc will work or LogOff
Yes Important: For this policy to take effect on computers running Windows 2000, client-side packet signing must also be enabled. For more informati
Yes
Yes
Yes
No
Yes Important: For this policy to take effect on computers running Windows 2000, server-side packet signing must also be enabled. For more informa
No
No
No
No
No Important: This policy has no impact on domain controllers. For more information, search for "Security Settings Descriptions" in the Windows Ser
No
No
No
Yes
No Important: The Network access: Remotely accessible registry paths security setting that appears on computers running Windows XP corres
No Important: On Windows XP, this security setting was called "Network access: Remotely accessible registry paths." If you configure this setting on
Yes
Yes
No Important: This setting only affects computers running Windows XP Professional which are not joined to a domain.
This policy will have no impact on computers running Windows 2000. For more information, search for "Security Setting Descriptions" in the Win
No Important: Windows 2000 Service Pack 2 (SP2) and above offer compatibility with authentication to previous versions of Windows, such as Micr
This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Pr
No
No Important: This setting can affect the ability of computers running Windows 2000 Server, Windows 2000 Professional, Windows XP Professional
Yes
No Warning: This setting will apply to any computers running Windows 2000 through changes in the registry but the security setting will not be viewa
No Warning: This setting will apply to any computers running Windows 2000 through changes in the registry but the security setting will not be viewa
No
No
No
No
No
No
No
No
No
No
No
No Require restart of recovery console
No Require restart of recovery console
No Requires logoff
Yes Vista does NOT require reboot
No
Yes Requires reboot with CNG on Vista; Does not require reboot with CAPI on Vista; Does not require reboot on XP, 2003 with CAPI
No This policy does not exist on Vista
Yes
Yes
Yes
No
No
No
No
No
No
No
Yes
No
No
No
No Note: This setting does not appear in the Local Computer Policy object.
No Note: This setting does not appear in the Local Computer Policy object.
Important: Modifying this setting may affect compatibility with clients, services, and applications. For compatibility information about this setting,
No Note: This setting does not appear in the Local Computer Policy object.
No Notes: This setting does not appear in the Local Computer Policy object.
This security setting affects only computers running Windows 2000, Windows Server 2003, and Windows XP.
No Notes: This setting does not appear in the Local Computer Policy object.
This security setting affects only computers running Windows 2000, Windows Server 2003, and Windows XP.
No Note: This setting does not appear in the Local Computer Policy object.
This security setting affects only computers running Windows 2000, Windows Server 2003, and Windows XP.
No Notes: This setting does not appear in the Local Computer Policy object.
A user must possess the Manage auditing and security log user right to access the security log.
No Notes: This setting does not appear in the Local Computer Policy object.
No Note: This setting does not appear in the Local Computer Policy object.
No Note: This setting does not appear in the Local Computer Policy object.
No Note: This setting does not appear in the Local Computer Policy object.
No Note: This setting does not appear in the Local Computer Policy object.

Note: This setting does not appear in the Local Computer Policy object.
Note: This setting does not appear in the Local Computer Policy object.
Note: This setting does not appear in the Local Computer Policy object.
update /force is required or waiting for the usual 5 minutes when the SCE engine assigns all modified settings.
update /force is required or waiting for the usual 5 minutes when the SCE engine assigns all modified settings.
update /force is required or waiting for the usual 5 minutes when the SCE engine assigns all modified settings.
update /force is required or waiting for the usual 5 minutes when the SCE engine assigns all modified settings.
update /force is required or waiting for the usual 5 minutes when the SCE engine assigns all modified settings.
s Server 2003 family, the Task Scheduler automatically grants this right as necessary.

oes not have to be rebooted.

rollers that constitute the member’s domain must be running Windows NT 4.0 Service Pack 6 or higher.

onfiguration Manager tools on these computers.


Configuration Manager tools on these computers.
y, but the security setting is not viewable through the Security Configuration Manager tool set.

must also be enabled. For more information, search for "Security Settings Descriptions" in the Windows Server 2003 Help.

must also be enabled. For more information, search for "Security Settings Descriptions" in the Windows Server 2003 Help.

ttings Descriptions" in the Windows Server 2003 Help.

computers running Windows XP corresponds to the Network access: Remotely accessible registry paths and subpaths security policy setting on members of the Wi
ry paths." If you configure this setting on a member of the Windows Server 2003 family that is joined to a domain, this setting is inherited by computers

a domain.
ecurity Setting Descriptions" in the Win
ious versions of Windows, such as Microsoft Windows NT 4.0.

Professional, Windows XP Professional, and the Windows Server 2003 family to communicate with computers running Windows NT 4.0 and earlier over the netwo

but the security setting will not be viewable through the Security Configuration Manager tool set. For more information, search for "Security Setting De
but the security setting will not be viewable through the Security Configuration Manager tool set. For more information, search for "Security Setting De
on XP, 2003 with CAPI

mpatibility information about this setting, see the "Event Log: Maximum sec
policy setting on members of the Wi
ted by computers

4.0 and earlier over the netwo

ecurity Setting De
ecurity Setting De

You might also like